In message <[EMAIL PROTECTED]> on Mon, 3 May 2004 17:12:39 +0200, Pawel Hadam <[EMAIL PROTECTED]> said:
Pawel.Hadam> RLVW> The redirection from port 80 to port 443 needs to Pawel.Hadam> RLVW> be controled by the http server software. Pawel.Hadam> Pawel.Hadam> Is not the web browser that contacts port 80 for HTTP Pawel.Hadam> requests and port 443 for HTTPS requests ??? Of course it is. For the URL http://www.foo.com/ it will access port 80 on www.foo.com and expect cleartext HTTP, and for https://www.foo.com/ it will access port 443 on www.foo.com and expect HTTP through an SSL tunnel. Any browser will get complete crap it it gets a SSL handshake when accessing port 80 (i.e. when using the URL http://www.foo.com/). The technique to redirect port 80 to port 443 that works is, when a browser accesses port 80 (http://www.foo.com/), for the server to say "nonono, you have to get this page as https://www.foo.com/!"; (it's done through the Location HTTP header), at which point, the browser will use the new URL (https://www.foo.com/) and access port 443. ----- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte \ Tunnlandsvägen 52 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-708-26 53 44 \ SWEDEN \ Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
