httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nicholas Irving" <>
Subject RE: RE : HTTP to HTTPS forms submission
Date Mon, 29 Jul 2002 08:29:07 GMT
Well you learn something new everyday.

Thanks for all your help.

Nicholas Irving

-----Original Message-----
From: Boyle Owen []
Sent: 29 July 2002 08:38
Subject: RE: RE : HTTP to HTTPS forms submission

>From: Laurent []
>I think the secured-connection is established before send any
>request. So,
>your form is encoded with your cetificate.

This is correct. The empty form comes from an HTTP server so is transmitted
en clair. However, the form action is a GET or POST request to an HTTPS
server so your browser must establish an encrypted SSL channel *before*
sending the request which contains the form parameters. So your data does go

This is a confusing issue and it is not helped by the fact that most
browsers only show their padlock icon (indicating SSL) *after* they have
completed the request - i.e. the padlock doesn't click shut when you click
submit - it only does so when the acknowledgement comes back.


Owen Boyle

>-----Message d'origine-----
>De : Nicholas Irving []
>Envoyé : dimanche 28 juillet 2002 15:09
>À :
>Objet : HTTP to HTTPS forms submission
>hi all,
>I  am trying to find an answer to this, and I apologise in
>advance if this
>is off topic.
>I have a page that is being served from
> which
>contains a form with the action
> Now my question is, is the
>form being sent in ClearText or encoded with my server certificate? I
>cannot seem to find anywhere that answers this question.
>My knowledge is that since the form did not come from a secure
>it will be submitted as clear text.
>Thanks in advance.
>Nicholas Irving
>To unsubscribe, e-mail:
>For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message