httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philip Wigg <p...@philipwigg.co.uk>
Subject Re: [users@httpd] RE: Question about HTTPS without SSL???
Date Fri, 05 Mar 2010 08:45:14 GMT
On 5 March 2010 08:00, Francisco Javier Morales López de Gamarra
<fmorales_htw@hotmail.com> wrote:
>
> Because ..... could I try to use a ErrorDocument or Redirect 302
>
> directive for inform that the page is not available and that try woth no ssl address?

It's not possible because the SSL negotiation takes place before the
HTTP request. So to send a page of HTML, or a 301 or 302 redirect then
you'd already have to have completed the SSL negotiation and this
means that the user will already have been warned if you don't have a
valid SSL certificate.

Turning SSLEngine too 'off' won't help either as a browser connecting
to a https site is expecting SSL so you'll just get an error. There
really is no way to avoid getting the browser warning if you don't
have a valid cert, whilst still connecting with SSL.

Cheers,
Phil.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message