
List:       apache-modssl
Subject:    SSLEngine optional and SSLRequireSSL ?
From:       Rémi_Denis-Courmont <rdenis () simphalempin ! com>
Date:       2007-02-16 19:23:34
Message-ID: 200702162123.37332 () auguste ! remlab ! net

Hello,

It seems that SSLRequireSSL prevents TLS Upgrade from working at all, or 
I got something wrong. Still, I have not been able to find out how to 
force TLS Upgrade on an SSLEngine optional... If I use SSLRequireSSL, 
Apache will properly return 426 whenever a client performs an 
unencrypted request, but that will block the TLS Upgrade request itself 
too (since it is not encrypted either).

I've tried that but that does not seem to work either (plus I am not 
sure if allowing unencrypted OPTIONS is actually safe):
<LimitExcept OPTIONS>
	SSLRequireSSL
</LimitExcept>

This is a sample:

OPTIONS * HTTP/1.1
Host: www.example.com
Upgrade: TLS/1.0
Connection: Upgrade

HTTP/1.1 426 Upgrade Required
Date: Fri, 16 Feb 2007 18:54:30 GMT
Server: Apache/2.2
Upgrade: TLS/1.0, HTTP/1.1
Connection: Upgrade
Content-Length: 459
...

Has anyone been able to work around this chicken-and-egg problem?

Regards,

-- 
Rémi Denis-Courmont
http://www.remlab.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
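
Added example (not part of the original message and not mod_ssl code): a Python check that classifies a server's reply to the RFC 2817 upgrade probe shown in the message, separating a 426 sent to a plain request from a 426 sent to the upgrade request itself. The function names and result labels are assumptions of this example, and the sample responses are constructed.

```python
import socket

def build_probe(host):
    """OPTIONS * request asking for an RFC 2817 upgrade, as in the message."""
    return (f"OPTIONS * HTTP/1.1\r\nHost: {host}\r\n"
            "Upgrade: TLS/1.0\r\nConnection: Upgrade\r\n\r\n").encode("ascii")

def parse_head(raw):
    """Return (start_line, {lower-case header name: value}) for a raw head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def tokens(value):  # comma-separated header value -> set of lower-case tokens
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def classify(request, response):
    """Label the server's answer to `request` (both are raw bytes)."""
    _, req = parse_head(request)
    start, resp = parse_head(response)
    code = start.split(" ", 2)[1:2]       # ["426"], or [] for an empty reply
    asked = ("tls/1.0" in tokens(req.get("upgrade", ""))
             and "upgrade" in tokens(req.get("connection", "")))
    if code == ["101"] and "tls/1.0" in tokens(resp.get("upgrade", "")):
        return "switching"                # TLS handshake follows on this socket
    if code == ["426"]:
        # A 426 to a request that already asked for TLS is the loop reported above.
        return "upgrade-request-refused" if asked else "upgrade-required"
    return "not-upgraded"                 # anything else: no switch to TLS

def probe(host, port=80, timeout=5.0):
    """Send the probe to a live server and classify its reply."""
    request, buf = build_probe(host), b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while b"\r\n\r\n" not in buf and (chunk := sock.recv(4096)):
            buf += chunk
    return classify(request, buf)

# Constructed samples: the 426 head quoted in the message, and an RFC 2817 101 reply.
SAMPLE_426 = (b"HTTP/1.1 426 Upgrade Required\r\nServer: Apache/2.2\r\n"
              b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
SAMPLE_101 = (b"HTTP/1.1 101 Switching Protocols\r\n"
              b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
```

Running `probe()` against a test virtual host after each configuration change shows whether the upgrade request still draws a 426.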
