httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] Conversion of SSL request URL to non-SSL request
Date Wed, 05 Jul 2006 17:40:57 GMT
On 7/5/06, Qingshan Xie <xieq_49@yahoo.com> wrote:
> Hi, Boyle,
>
>    I have a related question.  We'd like to implement
> a SSL-Login on a HTTP(port 80) webServer to secure the
> userId/password.  This means, whenever a site needs
> the authentication, the webServer redirects it to
> HTTPS server for processing.  However, this is pretty
> annoying since it prompts security alerts such as "...
> from none secure site to a secure site ..." or "...
> from secure site to a none secure site ...", etc.
> Notice the new feature of Apach 2.2.x, the new
> function added in mod_ssl to support RFC 2817, which
> allows connections to upgrade from clear text to TLS
> encryption.  Can this new feature fulfill our requests
> to convert HTTP to HTTPS in a single Apache webServer?
>  Will we still get the security alerts?

No, you can't use that feature.  It is not supported by any
widely-deployed browsers, as mentioned in the docs fro the SSLEngine
directive.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message