-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andreas,
On 3/25/2010 11:38 AM, Hagenlocher-Wemssen, Andreas wrote: > Unfortunately, it has to be open in case they use the ports on other > apps. One of the selling points. Ok, then I just have to live with > it. Yeah, I think you're stuck: all of the connecting mechanics happen at a level that is lower than either your client or your webapp's code: there's very little you can do, here. On the webapp's side, Tomcat won't even get a notification that a client /tried/ to connect because the SSL handshake will fail (from either end if HTTP is attempted on HTTPS). If the client uses HTTPS to connect to your HTTP service, Tomcat will end up replying with a 400 Bad Request response, which you /might/ be able to handle, yet not meaningfully (because there is no sane HTTP request). I dunno about Tomcat, but IIRC the default message for Apache httpd when you attempt to use HTTPS to connect to the (plain) HTTP server is that you get a message saying "It looks like you're speaking HTTPS to me", though the client might not read it properly since it's trying to use SSL to connect before it reads any of the response. Basically, everyone loses when you have an HTTP<->HTTPS mismatch. :( - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkurwtwACgkQ9CaO5/Lv0PAdQwCfZxobgiISCE8f0NeK5JJRu4vc LrAAn24UwWoZKaqsnpLIVxUGeDkl7DEC =pIMW -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
