Andreas,

On 3/25/2010 11:38 AM, Hagenlocher-Wemssen, Andreas wrote:
> Unfortunately, it has to be open in case they use the ports on other
> apps. One of the selling points. Ok, then I just have to live with
> it.

Yeah, I think you're stuck: all of the connecting mechanics happen at a
level that is lower than either your client or your webapp's code:
there's very little you can do, here.

On the webapp's side, Tomcat won't even get a notification that a client
/tried/ to connect because the SSL handshake will fail (from either end
if HTTP is attempted on HTTPS). If the client uses HTTPS to connect to
your HTTP service, Tomcat will end up replying with a 400 Bad Request
response, which you /might/ be able to handle, yet not meaningfully
(because there is no sane HTTP request).

I dunno about Tomcat, but IIRC the default message for Apache httpd when
you attempt to use HTTPS to connect to the (plain) HTTP server is that
you get a message saying "It looks like you're speaking HTTPS to me",
though the client might not read it properly since it's trying to use
SSL to connect before it reads any of the response.

Basically, everyone loses when you have an HTTP<->HTTPS mismatch. :(

-chris
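Added example, not part of the original message or of Tomcat/httpd: a Python sketch of the mismatch described above, showing how a listener can tell a TLS ClientHello from a plain HTTP request by its first bytes, and what an HTTPS client does when it is handed a plain-text 400 reply mid-handshake. The function names and the hostname `app.example` are hypothetical, and the handshake runs over in-memory buffers rather than a real connection.

```python
import ssl

# Constructed list of prefixes; plain HTTP traffic starts with one of these.
HTTP_PREFIXES = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"HTTP/")

def classify_first_bytes(data: bytes) -> str:
    """Guess the protocol a peer is speaking from the first bytes it sent."""
    # A TLS record starts with content type 0x16 (handshake) and major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    if data.startswith(HTTP_PREFIXES):
        return "http"
    return "unknown"

def start_tls_client():
    """Begin a TLS handshake over in-memory BIOs (no sockets) and return the ClientHello."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="app.example")  # placeholder name
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is written and the client now waits for the server
    return tls, incoming, outgoing.read()

def https_client_meets_http_reply() -> str:
    """Feed a plain-HTTP 400 reply to a client that is in the middle of a TLS handshake."""
    tls, incoming, _ = start_tls_client()
    incoming.write(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
    try:
        tls.do_handshake()
    except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
        return "still-waiting"
    except ssl.SSLError as exc:
        # The client never parses the 400 as HTTP; it only sees a malformed TLS record.
        return "handshake-failed: " + str(exc.reason)
    return "handshake-ok"

if __name__ == "__main__":
    _, _, hello = start_tls_client()
    print("HTTPS client opens with:", hello[:3].hex(), "->", classify_first_bytes(hello))
    print("HTTP client opens with: GET ... ->", classify_first_bytes(b"GET / HTTP/1.1\r\n"))
    print("client outcome:", https_client_meets_http_reply())
```

A listener that logs the result of `classify_first_bytes` on rejected connections gives an operator the one diagnostic neither side's application code can produce here: which protocol the peer was actually speaking.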
