Joshua Slive wrote:
On 7/5/06, Qingshan Xie <[EMAIL PROTECTED]> wrote:
Hi, Boyle,
I have a related question. We'd like to implement
a SSL-Login on a HTTP(port 80) webServer to secure the
userId/password. This means, whenever a site needs
the authentication, the webServer redirects it to
HTTPS server for processing. However, this is pretty
annoying since it prompts security alerts such as "...
from none secure site to a secure site ..." or "...
from secure site to a none secure site ...", etc.
Notice the new feature of Apach 2.2.x, the new
function added in mod_ssl to support RFC 2817, which
allows connections to upgrade from clear text to TLS
encryption. Can this new feature fulfill our requests
to convert HTTP to HTTPS in a single Apache webServer?
Will we still get the security alerts?
No, you can't use that feature. It is not supported by any
widely-deployed browsers, as mentioned in the docs fro the SSLEngine
directive.
This suggests an interesting feature, however, during this transition
period. It would be good if http would fall back on an external redirect
if the upgrade is required by the server, but the client is not capable
of the upgrade.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
