> -----Original Message-----
> From: Issac Goldstand [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 10, 2001 10:44 AM
> To: Geoffrey Young; 'João Pedro Gonçalves'; brian moseley
> Cc: [EMAIL PROTECTED]
> Subject: Re: detecting ssl
>
>
> Not necessarily. I could easily set up any virtualhost on
> port 443 which
> will be accessable by https://nasty.servername/ but will, in
> reality, not
> necessarily be over a secure connection.
what would negotiate the https protocol then? its not like you can just set
up to listen on 443, make
a an http request, and Apache will serve it - at least not through a browser
or telnet.
but maybe there are ways to spoof the SSL layer?
> $ENV{HTTPS}, on the
> other hand, is
> set by mod_ssl, and is therefore a better sign to know that
> the connection
> is really secure.
that's good to know... thanks
--Geoff
