tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Rumney <>
Subject Re: Tomcat 3.1 + HTTPS + redirects
Date Mon, 07 Aug 2000 11:14:48 GMT
Amos Shapira <> writes:

> Hmm,
> First, it sounds possibly like a bug since the description of
> javax.servlet.ServletRequest.getScheme() specifically lists "http" and
> "https" as examples of possible return values.
> Another way, not as clean as the originally proposed solution (which I
> understand not to help), but maybe you can get the scheme and
> add an "s" to it according to the return value of
> javax.servlet.ServletRequest.isSecure()?

request.isSecure() returns false (which is probably connected to
getScheme() returning "http"). does not
appear to set a secure flag, or the scheme, so unless code elsewhere is
parsing the request line and headers it appears that getScheme() will
not work in Tomcat 3.1.

> Also, are you 100% sure that https was actually used and not dropped
> due to some certificate problems and such?

I would be very surprised, and worried, if mod_ssl does such things
silently behind the back of both user and server administrator.
Certainly the logs indicate that "SSLv3 RC4-MD5" was used for the
previous POST (which the redirect is being sent in response to).

Jason Rumney <>
AT&T Labs (Redditch, UK)

View raw message