
bugzilla at apache
Aug 5, 2013, 6:40 PM
Post #1 of 1
(17 views)
Permalink
|
|
[Bug 55364] New: plain HTTP spoken on SSL port returns HTTP0.9 + HTML + no Content-Type + wrong Status
|
|
https://issues.apache.org/bugzilla/show_bug.cgi?id=55364 Bug ID: 55364 Summary: plain HTTP spoken on SSL port returns HTTP0.9 + HTML + no Content-Type + wrong Status Product: Apache httpd-2 Version: 2.5-HEAD Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: mod_ssl Assignee: bugs [at] httpd Reporter: calestyo [at] scientia Hi. This may be related to bug #9488. When I speak (plain) HTTP to a Port where SSL is expected the following response is given: - HTTP 0.9 Kinda weird since this should be really dead... any reason for that? Anyway... I could live with that. - The following HTML is returned as body: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /> <blockquote>Hint: <a href="https://localhost/"><b>https://localhost/</b></a></blockquote></p> <hr> <address>Apache/2.2.22 (Debian) Server at <a href="mailto:lcg-admin [at] lists">localhost</a> Port 443</address> </body></html> - no content type is given so browsers will render this as plain text => bug, either set the content type or don't return HTML - 200 OK Status is given back. For sure this can't be OK... I'm not sure whether the SSL/TLS standards specify anything for that case... but I'd rather guess that *IF* anything is returned,... it should be the 400 mentioned also in the HTML. But does/should mod_ssl actually return ANY HTTP at all, in that case? Is there any RFC which specifies this? Cheers, Chris. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe [at] httpd For additional commands, e-mail: bugs-help [at] httpd
|