Re: Redirecting to https URL when https port is accessed with http scheme

2018-10-05 Thread ettra lancelot
Thank you for the detailed answer, Chris.

On Sat, Oct 6, 2018 at 2:41 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Etcy,
>
> On 10/5/18 14:57, ettra lancelot wrote:
> > I would like to know whether it's possible to configure tomcat to
> > automatically redirect to the https URL when https port is accessed
> > using http scheme instead of https.
>
> There is no way to get Tomcat to do this for you right now.
>
> There is, however, the possibility of adding such a feature to Tomcat.
>
> If you make an HTTP request to Apache httpd on a TLS-enabled port,
> you'll get a response that says "Looks like you made a mistake".
>
> In the past, that would have been a huge pain in the neck for Tomcat,
> since the TLS handshake was handled *entirely* by the underlying
> crypto system (e.g. JSSE or APR/OpenSSL). AIUI, that code has been
> re-written and Tomcat is buffering everything internally and probing
> the handshake, etc.
>
> It should therefore be possible to respond in the way you describe,
> but I'm not sure how much appetite there is for issuing a redirect
> rather than just an informational page such as the one httpd returns.
>
> Unfortunately, Bill is incorrect when he says that you can write a
> Filter for this. No application code will ever see a connection over a
> connection which failed a TLS handshake.
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


Re: Redirecting to https URL when https port is accessed with http scheme

2018-10-05 Thread Christopher Schultz
Etcy,

On 10/5/18 14:57, ettra lancelot wrote:
> I would like to know whether it's possible to configure tomcat to
> automatically redirect to the https URL when https port is accessed
> using http scheme instead of https.

There is no way to get Tomcat to do this for you right now.

There is, however, the possibility of adding such a feature to Tomcat.

If you make an HTTP request to Apache httpd on a TLS-enabled port,
you'll get a response that says "Looks like you made a mistake".

In the past, that would have been a huge pain in the neck for Tomcat,
since the TLS handshake was handled *entirely* by the underlying
crypto system (e.g. JSSE or APR/OpenSSL). AIUI, that code has been
re-written and Tomcat is buffering everything internally and probing
the handshake, etc.

It should therefore be possible to respond in the way you describe,
but I'm not sure how much appetite there is for issuing a redirect
rather than just an informational page such as the one httpd returns.

Unfortunately, Bill is incorrect when he says that you can write a
Filter for this. No application code will ever see a connection over a
connection which failed a TLS handshake.

-chris


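Added example (not part of the thread and not Tomcat code): a sketch of the "probing the handshake" idea from the message above, telling a TLS ClientHello from a plaintext HTTP request by the first bytes on the connection and building an informational reply like the httpd one. The names TlsPortSniffer, classify and plaintextNotice are hypothetical, and it assumes the server has already buffered the first bytes before handing them to the TLS engine.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;

/** Added illustration, not Tomcat code: classify the first bytes received on a TLS port. */
public class TlsPortSniffer {
    enum Kind { TLS_HANDSHAKE, PLAINTEXT_HTTP, NEED_MORE_DATA, UNKNOWN }

    // An HTTP/1.x request line begins with a method token followed by a space.
    private static final List<String> METHODS = Arrays.asList(
        "GET ", "HEAD ", "POST ", "PUT ", "DELETE ", "OPTIONS ", "TRACE ", "CONNECT ", "PATCH ");

    static Kind classify(byte[] buf, int len) {
        if (len < 2) return Kind.NEED_MORE_DATA;
        // TLS record header: content type 0x16 (handshake), then protocol major version 0x03.
        if ((buf[0] & 0xFF) == 0x16 && (buf[1] & 0xFF) == 0x03) return Kind.TLS_HANDSHAKE;
        String head = new String(buf, 0, Math.min(len, 8), StandardCharsets.US_ASCII);
        boolean couldStillMatch = false;
        for (String m : METHODS) {
            if (head.startsWith(m)) return Kind.PLAINTEXT_HTTP;
            if (m.startsWith(head)) couldStillMatch = true; // e.g. only "OPT" received so far
        }
        return couldStillMatch ? Kind.NEED_MORE_DATA : Kind.UNKNOWN;
    }

    /** Plaintext reply in the style of the httpd notice described in the thread. */
    static byte[] plaintextNotice() {
        String body = "This port expects TLS. Use https:// to reach this service.\n";
        String resp = "HTTP/1.1 400 Bad Request\r\n"
            + "Content-Type: text/plain; charset=US-ASCII\r\n"
            + "Content-Length: " + body.length() + "\r\n"
            + "Connection: close\r\n\r\n" + body;
        return resp.getBytes(StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) {
        // Constructed samples: start of a TLS handshake record, an HTTP request, a partial read.
        byte[] tls = { 0x16, 0x03, 0x01, 0x02, 0x00, 0x01 };
        byte[] http = "GET / HTTP/1.1\r\nHost: localhost:8443\r\n\r\n"
            .getBytes(StandardCharsets.US_ASCII);
        byte[] partial = "OPT".getBytes(StandardCharsets.US_ASCII);
        System.out.println(classify(tls, tls.length));
        System.out.println(classify(http, http.length));
        System.out.println(classify(partial, partial.length));
        System.out.println(new String(plaintextNotice(), StandardCharsets.US_ASCII));
    }
}
```

Whatever the client sent in that first request (path, cookies, credentials) has already crossed the network unencrypted, whichever reply the server chooses.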

Re: Redirecting to https URL when https port is accessed with http scheme

2018-10-05 Thread Bill Harrelson
Well, not a configuration, you could write and register a filter that 
sends a re-direct.


You have to do something similar to this (but in reverse):
https://stackoverflow.com/questions/9389211/using-filters-to-redirect-from-https-to-http

On 10/5/2018 3:23 PM, Gillett, Phil wrote:

Hello:
   Perfect timing!!
   I've been assigned at my job to apply something similar with Tomcat and 
Footprints 12, and have had some issues.
   I hope someone has a solution, and I thank you in advance!

Phil G.

-Original Message-
From: ettra lancelot 
Sent: Friday, October 5, 2018 1:57 PM
To: users@tomcat.apache.org
Subject: Redirecting to https URL when https port is accessed with http scheme

Hi,

I would like to know whether it's possible to configure tomcat to automatically 
redirect to the https URL when https port is accessed using http scheme instead 
of https.

For example, say I have configured an ssl connector on port 8443, if I access 
the connector using http scheme (eg: http://localhost:8443) instead of using 
https scheme, I'm receiving some meaningless characters  (refer [1]). Instead, 
is it possible to make an automatic redirection to the https url (eg: 
https://localhost:8443) ?

Few details about the setup.

- Tomcat version - 7.0.85
- SSL connector is configured on port 8443



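- Added the following security-constraint to web.xml

 <security-constraint>
   <web-resource-collection>
     <web-resource-name>HTTPSOnly</web-resource-name>
     <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <user-data-constraint>
     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
 </security-constraint>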

[1] - https://i.stack.imgur.com/1LVq7.png

Thank you,
Etcy.




RE: Redirecting to https URL when https port is accessed with http scheme

2018-10-05 Thread Gillett, Phil
Hello:
  Perfect timing!!
  I've been assigned at my job to apply something similar with Tomcat and 
Footprints 12, and have had some issues.
  I hope someone has a solution, and I thank you in advance!

Phil G.

-Original Message-
From: ettra lancelot  
Sent: Friday, October 5, 2018 1:57 PM
To: users@tomcat.apache.org
Subject: Redirecting to https URL when https port is accessed with http scheme

Hi,

I would like to know whether it's possible to configure tomcat to automatically 
redirect to the https URL when https port is accessed using http scheme instead 
of https.

For example, say I have configured an ssl connector on port 8443, if I access 
the connector using http scheme (eg: http://localhost:8443) instead of using 
https scheme, I'm receiving some meaningless characters  (refer [1]). Instead, 
is it possible to make an automatic redirection to the https url (eg: 
https://localhost:8443) ?

Few details about the setup.

- Tomcat version - 7.0.85
- SSL connector is configured on port 8443



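- Added the following security-constraint to web.xml

 <security-constraint>
   <web-resource-collection>
     <web-resource-name>HTTPSOnly</web-resource-name>
     <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <user-data-constraint>
     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
 </security-constraint>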

[1] - https://i.stack.imgur.com/1LVq7.png

Thank you,
Etcy.


Redirecting to https URL when https port is accessed with http scheme

2018-10-05 Thread ettra lancelot
Hi,

I would like to know whether it's possible to configure tomcat to
automatically redirect to the https URL when https port is accessed using
http scheme instead of https.

For example, say I have configured an ssl connector on port 8443, if I
access the connector using http scheme (eg: http://localhost:8443) instead
of using https scheme, I'm receiving some meaningless characters  (refer
[1]). Instead, is it possible to make an automatic redirection to the https
url (eg: https://localhost:8443) ?

Few details about the setup.

- Tomcat version - 7.0.85
- SSL connector is configured on port 8443



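- Added the following security-constraint to web.xml

 <security-constraint>
   <web-resource-collection>
     <web-resource-name>HTTPSOnly</web-resource-name>
     <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <user-data-constraint>
     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
 </security-constraint>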

[1] - https://i.stack.imgur.com/1LVq7.png

Thank you,
Etcy.