httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Stapelberg <>
Subject [users@httpd] mod_ssl: using connection: upgrade leaves plaintext in reply
Date Thu, 21 Dec 2006 22:58:39 GMT

I'm just struggling around with using Connection: Upgrade. I issue a GET /
HTTP/1.1-request (see bottom for the exact one) and the part of the reply
which is generated by php is send in cleartext (the client naturally doesn't
want to accept that and closes the connection):

[pid 16349] recv(8,
2048, 0) = 119

PHP-script is:
for ($i = 0; $i < 10; $i++)
	echo "foobar";

How to reproduce:
Compile it using gcc -lssl -o tlsupgrade tlsupgrade.c
Run it using: strace -s 2048 ./tlsupgrade http://localhost/index.php
(Replace the address of your test server and file if necessary)
Then look out for the first 5 bytes of the cleartext (fooba in my case) which
will appear in the reply.

If you use ./tlsupgrade <URL> -u, it will issue OPTIONS * HTTP/1.1 before
using Upgrade: TLS/1.0 which will lead an empty 200-reply before another
request is made... This usually works without any problems.

So, in conclusion: The request that makes problems is:
GET /index.php HTTP/1.1
Host: localhost
Upgrade: TLS/1.0
Connection: Upgrade

I am using Apache 2.2.3 on Debian Linux (unstable).

Is this a bug? I think so. I'd be thankful for any patches or ideas where/how
to patch it.

Best regards,
Michael Stapelberg

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message