bugzilla at apache
Aug 6, 2013, 10:37 AM
Post #3 of 5
(24 views)
Permalink
|
|
[Bug 55364] plain HTTP spoken on SSL port returns HTTP0.9 + HTML + no Content-Type + wrong Status
[In reply to]
|
|
https://issues.apache.org/bugzilla/show_bug.cgi?id=55364
Christoph Anton Mitterer <calestyo [at] scientia> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
--- Comment #2 from Christoph Anton Mitterer <calestyo [at] scientia> ---
Hi Eric.
I see...
Well... IMHO it's generally questionable, that when connecting to HTTPS and
that fails, that one get's HTTP back.
Under bad circumstances (stupid checks, which don't recognise that SSL
handshake failed) that content might be even "trusted"... (but of course that
would be a security problem in such clients... not Apache).
Anyway... IMHO, either nothing should be returned at all (which I'd probably
prefer), or a new enough HTTP versions should be used, so that _at least_ a
HTTP Status could be set that things gone wrong.
And if the HTTP version is not new enough to set a Content-Type, plain text
should be returned, not HTTP.
Anyway... as said.. I haven't looked up the RFCs whether they mandate any
behaviour in that case... so the above is just what I'd do out of common sense.
Cheers,
Chris.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd
|
