Ignore this bit below; I was reading 2817 against 7230 and hadn't driven down into the 7231 spec yet, and apparently forgot to snip it before clicking send... the insistence on 426 vs poor advise to use 505 still stands
On Wed, Dec 9, 2015 at 11:19 AM, William A Rowe Jr <[email protected]> wrote: > > This leaves a lot of stuff out from the original RFC2817 definition of 426... > > 4.2 Mandatory Advertisement > > A server MAY indicate that a client request can not be completed > without TLS using the "426 Upgrade Required" status code, which MUST > include an an Upgrade header field specifying the token of the > required TLS version. > > HTTP/1.1 426 Upgrade Required > Upgrade: TLS/1.0, HTTP/1.1 > Connection: Upgrade > > The server SHOULD include a message body in the 426 response which > indicates in human readable form the reason for the error and > describes any alternative courses which may be available to the user. > > Note that even if a client is willing to use TLS, it must use the > operations in Section 3 to proceed; the TLS handshake cannot begin > immediately after the 426 response. > >
