Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Bugs

[Bug 55364] New: plain HTTP spoken on SSL port returns HTTP0.9 + HTML + no Content-Type + wrong Status

  

 
Apache bugs RSS feed   Index | Next | Previous | View Threaded


bugzilla at apache

Aug 5, 2013, 6:40 PM

Post #1 of 1 (17 views)
Permalink
[Bug 55364] New: plain HTTP spoken on SSL port returns HTTP0.9 + HTML + no Content-Type + wrong Status
https://issues.apache.org/bugzilla/show_bug.cgi?id=55364

Bug ID: 55364
Summary: plain HTTP spoken on SSL port returns HTTP0.9 + HTML +
no Content-Type + wrong Status
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: bugs [at] httpd
Reporter: calestyo [at] scientia

Hi.

This may be related to bug #9488.

When I speak (plain) HTTP to a Port where SSL is expected the following
response is given:

- HTTP 0.9
Kinda weird since this should be really dead... any reason for that?
Anyway... I could live with that.

- The following HTML is returned as body:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a
href="https://localhost/"><b>https://localhost/</b></a></blockquote></p>
<hr>
<address>Apache/2.2.22 (Debian) Server at <a
href="mailto:lcg-admin [at] lists">localhost</a> Port 443</address>
</body></html>

- no content type is given so browsers will render this as plain text
=> bug, either set the content type or don't return HTML

- 200 OK Status is given back.
For sure this can't be OK... I'm not sure whether the SSL/TLS standards specify
anything for that case... but I'd rather guess that *IF* anything is
returned,... it should be the 400 mentioned also in the HTML.

But does/should mod_ssl actually return ANY HTTP at all, in that case?
Is there any RFC which specifies this?


Cheers,
Chris.

--
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd

Apache bugs RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.