On Thu, Nov 05, 1998, Jan Wedekind wrote:
> > Wait! On _ALL_ my testings on en1.engelschall.com I use port 8080 for HTTP an
> > d
> > 8443 for HTTPS because en1 also runs the non-testing Apache+mod_ssl on 80/443
>
> Well, now I got the message and may explain the behaviour
> (which I tried before)
>
> I (and also the other writer to the list) made the following:
> Setting up a Testserver on any Port (e.g. 8080), and also an SSL-Test
> on another port (e.g. 8888), but then connecting with SSL to
> the Non-SSL Port with:
>
> https://server:8080/
>
> Of course here the Server will hang around, because the SSL-Header
> will not be usefull nor even a correctly HTTP Header to the
> standard apache core (at least missing <CR><LF>).
Yeah, this doesn't work, of course. The other way around (i.e. accessing the
SSL-port with https://...) is checked by mod_ssl and you should get a HTML
error page. Perhaps we should add a similar check for the HTTP port, too. Is
there a magic cookie in the first bytes of the SSL protocol which we can check
for on the HTTP port through some low-level hook?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]