httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 50823] Provide alternate failure modes for http on https
Date Wed, 18 Apr 2012 09:56:52 GMT

--- Comment #7 from otheus <> 2012-04-18 09:56:52 UTC ---
Thanks, Stefan.

Perhaps I'm confused, but all this patch does is add a CRLF so that an inline 
  ErrorDocument 400 "HTTP/1.1 400 You requested a non-SSL resource from an SSL
will actually be usable by conforming clients. 

Further, the line:
  "GET / HTTP/1.0" CRLF
muddies the waters. Perhaps I don't understand the context that line is used
in, but it seems to me that matches an input string from the client. I don't
think that's at issue here.

To clarify:

From a standards standpoint, I think it's absolutely incorrect to allow a port
configured for SSL (SSLEngine = "on") to operate in any other way. An HTTP
request should simply be closed, period. (If SSLEngine = "optional", then the
server should act like a normal HTTP/1.1 server until the upgrade handshake is

Excepting that, the response should be one of 400 or 426. Maybe this should be
user-configurable, but I think it matters not. Even a hardcoded response of 400
or 426 is better than what is there now. One possibly desirable behavior would
be a redirect (301).
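
The failure modes named in the comment above (close, 400, 426, 301), as an added example that is not part of the original message and not httpd's own code: a sketch that classifies the first bytes received on a TLS-only port and builds the matching reply. The `fail_mode` enum, the function names and the `server_name` parameter are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical failure modes for plaintext HTTP arriving on a TLS-only port. */
enum fail_mode { FAIL_CLOSE, FAIL_400, FAIL_426, FAIL_301 };

/* A TLS connection opens with a handshake record: type 0x16, major version 0x03. */
static int looks_like_tls(const unsigned char *b, size_t n)
{
    return n >= 2 && b[0] == 0x16 && b[1] == 0x03;
}

/* Plaintext HTTP opens with a method token followed by a space. */
static int looks_like_http(const unsigned char *b, size_t n)
{
    static const char *const methods[] = { "GET ", "HEAD ", "POST ", "PUT ",
                                           "DELETE ", "OPTIONS " };
    for (size_t i = 0; i < sizeof methods / sizeof methods[0]; i++) {
        size_t len = strlen(methods[i]);
        if (n >= len && memcmp(b, methods[i], len) == 0)
            return 1;
    }
    return 0;
}

/*
 * Returns -1 to continue with the TLS handshake, 0 to close without a reply,
 * or the length of the plaintext response written to out.
 * server_name comes from configuration, never from the client's Host header,
 * and the 301 points at the site root rather than echoing the request path.
 */
int plain_http_reply(const unsigned char *first, size_t n, enum fail_mode mode,
                     const char *server_name, char *out, size_t cap)
{
    int len = 0;
    if (looks_like_tls(first, n))
        return -1;
    if (!looks_like_http(first, n) || mode == FAIL_CLOSE)
        return 0;               /* unknown bytes are dropped, not answered */
    if (mode == FAIL_400)
        len = snprintf(out, cap, "HTTP/1.1 400 Bad Request\r\n"
                       "Connection: close\r\nContent-Length: 0\r\n\r\n");
    else if (mode == FAIL_426)  /* a 426 must carry an Upgrade header */
        len = snprintf(out, cap, "HTTP/1.1 426 Upgrade Required\r\n"
                       "Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n"
                       "Content-Length: 0\r\n\r\n");
    else
        len = snprintf(out, cap, "HTTP/1.1 301 Moved Permanently\r\n"
                       "Location: https://%s/\r\nConnection: close\r\n"
                       "Content-Length: 0\r\n\r\n", server_name);
    return (len < 0 || (size_t)len >= cap) ? 0 : len;  /* truncated: close */
}
```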
