https://issues.apache.org/bugzilla/show_bug.cgi?id=50823
--- Comment #7 from otheus <[email protected]> 2012-04-18 09:56:52 UTC ---

Thanks, Stefan. Perhaps I'm confused, but all this patch does is add a CRLF so that an inline ErrorDocument 400 "HTTP/1.1 400 You requested a non-SSL resource from an SSL service" will actually be usable by conforming clients. Further, the line:

    "GET / HTTP/1.0" CRLF

muddies the waters. Perhaps I don't understand the context that line is used in, but it seems to me that matches an input string from the client. I don't think that's at issue here.

To clarify:

From a standards standpoint, I think it's absolutely incorrect to allow a port configured for SSL (SSLEngine = "on") to operate in any other way. An HTTP request should simply be closed, period. (If SSLEngine = "optional", then the server should act like a normal HTTP/1.1 server until the upgrade handshake is initiated.)

Excepting that, the response should be one of 400 or 426. Maybe this should be user-configurable, but I think it matters not. Even a hardcoded response of 400 or 426 is better than what is there now.

One possibly desirable behavior would be a redirect (301).
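The two pieces discussed in the comment above, as an added example that is not part of the original comment and is not httpd or mod_ssl code: telling a plaintext HTTP request line apart from a TLS record on an SSL-only port, and framing a 400 response so that the status line and every header end in CRLF and a blank CRLF line precedes the body. The function names, buffer sizes and the sample request are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names: what the first bytes received on an SSL-only port look like. */
enum first_bytes { FB_TLS, FB_PLAIN_HTTP, FB_UNKNOWN };

/* A TLS record starts with content type 0x16 (handshake) and major version 0x03.
   A plaintext HTTP request starts with an uppercase method token and a space. */
enum first_bytes classify_first_bytes(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    if (len >= 2 && buf[0] == 0x16 && buf[1] == 0x03)
        return FB_TLS;
    while (i < len && i < 16 && buf[i] >= 'A' && buf[i] <= 'Z')
        i++;
    if (i >= 3 && i < len && buf[i] == ' ')
        return FB_PLAIN_HTTP;
    return FB_UNKNOWN;
}

/* Build a complete plaintext 400 response. Each header line ends in CRLF and
   an empty CRLF line closes the header block, so a conforming client can find
   the body. Returns the number of bytes written, or -1 if out is too small. */
int build_400(char *out, size_t cap, const char *body)
{
    int n = snprintf(out, cap,
        "HTTP/1.1 400 Bad Request\r\n"
        "Content-Type: text/plain\r\n"
        "Content-Length: %zu\r\n"
        "Connection: close\r\n"
        "\r\n"
        "%s",
        strlen(body), body);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    /* Constructed sample input: a plaintext request sent to an SSL port. */
    const unsigned char req[] = "GET / HTTP/1.0\r\n";
    char out[256];
    if (classify_first_bytes(req, sizeof req - 1) == FB_PLAIN_HTTP &&
        build_400(out, sizeof out,
                  "You requested a non-SSL resource from an SSL service\n") > 0)
        fputs(out, stdout);
    return 0;
}
```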
