Thank you for the detailed answer, Chris. On Sat, Oct 6, 2018 at 2:41 AM Christopher Schultz < ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Etcy, > > On 10/5/18 14:57, ettra lancelot wrote: > > I would like to know whether it's possible to configure tomcat to > > automatically redirect to the https URL when https port is access > > using http scheme instead of https*.* > > There is no way to get Tomcat to do this for you right now. > > There is, however, the possibility of adding such a feature to Tomcat. > > If you make an HTTP request to Apache httpd on a TLS-enabled port, > you'll get a response that says "Looks like you made a mistake". > > In the past, that would have been a huge pain in the neck for Tomcat, > since the TLS handshake was handled *entirely* by the underlying > crypto system (e.g. JSSE or APR/OpenSSL). AIUI, that code has been > re-written and Tomcat is buffering everything internally and probing > the handshake, etc. > > It should therefore be possible to respond in the way you describe, > but I'm not sure how much appetite there is for issuing a redirect > rather than just an informational page such as the one httpd returns. > > Unfortunately, Bill is incorrect when he says that you can write a > Filter for this. No application code will ever see a connection over a > connection which failed a TLS handshake. > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlu304gACgkQHPApP6U8 > pFgj9A//SR89S85mbNovDkiRLo/KzlAf64sNNd0RHSsrKkxnwnoGxMwFt2XVIJ5F > aNELyTf/mI0UPAyJw6D3W30pWVDtmqjyWe/Xc3YBKCTbDfruxUEGiW3rcSt1jVus > RmqirBN3baduSiVyF5CLktXr/82CfqQ0Z4XUtt6NK5Nh7Hz+l6Olt6D7VlP1fcpM > 29Q9vEuC5dkmdLoZYOuCleWtKeHOv96nk7pWvOq6P81VAk9SUcUEk9cbVhPosCYV > fdUf3ma8fwgJLLfz2LGZEf5Fdo4elRYTNI/OXTWQbJiuFg1umHURKjCoEhUXnzPf > FZY6mQr2OM3Yo/iLGBiVRAxrUAVEhXZjLEVE0DuPugDtb1JDX7bCZDKkz6HH+mXy > 8A8Ekm/A12I55StC2CMqLSzKErd1q06lT6Xt1y4z76IZe3O6LjGMFfIsTLRVI63w > QG1vF2pVDniXyGYozUwPuudJ7to/M9Z1Ls57RKXDXgw8QPxF7waM5vTQuiQDE/DP > ECJEnaVeGVtPeCekD8Me56ezAVDRFrDlQKcZD+8PguTGJGpIC7ubByCFgTp1PRZ0 > GxNA732h7zwTO8hSYzDTbnswwK17MJjYAezjz6ulnw178hJYSd05WJtPA1I8E798 > QmsCilXAdmp741/QjdE8cLkonmBZHrkE7tm09Jit34I9VlBg3as= > =wLba > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
