httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rufoo <rufoo2...@yahoo.com>
Subject RE: [users@httpd] How does HTTPS work?
Date Mon, 31 Mar 2003 11:04:05 GMT

--- Boyle Owen <Owen.Boyle@swx.com> wrote:
> >-----Original Message-----
> >From: Rufoo [mailto:rufoo2001@yahoo.com]
> >
> >For a https:// url, after the browser and server
> >negotiate on the certificates and the sessoin key,
> the
> >browser encrypts all the communication with this
> key.
> >I want to see a 'sample HTTPS session', with the
> >browser doing the above and then sending the
> GET/POST
> >request with the encrypted content. Are any
> additional
> >headers sent in the case of HTTPS?
> 
> How can you see the session if it's all encrypted
> :-)
> 


I do not want to *understand* or *interpret* the data,
I just want to see the HTTP Headers (which I dont
think are encrypted) followed by the MIME part of the
encrypted data(Yeah this another question - is the
encrypted data sent as HTTP body or as a MIME part?).


> The HTTPS protocol is quite different from HTTP - it
> starts off with
> client_hello and server_hello and so on. Once the
> session is
> established, it is plain HTTP but all requests and
> responses are
> encrypted. Check out the mod_ssl docs for an
> overview
> (http://www.modssl.org/docs/2.8/ssl_intro.html) and
> the refs therein
> (esp. http://wp.netscape.com/eng/ssl3/draft302.txt) 
> 

This doc says the SSL layer sits in between TCP and
HTTP. So I am interested in what SSL write over TCP.
I do not want it all, just a simple example as
ordinary HTTP is explained in
http://www.jmarshall.com/easy/http/


> >
> >Looking at the RAW HTTP data, can one identify if
> its
> >a http session or https session?
> 
> If you can read it, it's not HTTPS...
> 

Now that I have explained what I am really looking
for, I ask this again: When the SSL layer writes to
the TCP layer, does it put any additional headers that
identifies that this URL has an 'https'. Do not say
that if you cannot read the body content it is https -
I might be sending the same over plain http too. I
hope you get it.

Thanks again, and if this is not related to this
mailing list, please let me know who can me help me.
-rf





__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message