Re: Redirecting to https URL when https port is accessed with http scheme

2018-10-05 Thread ettra lancelot
Thank you for the detailed answer, Chris.

On Sat, Oct 6, 2018 at 2:41 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Etcy,
>
> On 10/5/18 14:57, ettra lancelot wrote:
> > I would like to know whether it's possible to configure Tomcat to
> > automatically redirect to the https URL when the https port is accessed
> > using the http scheme instead of https.
>
> There is no way to get Tomcat to do this for you right now.
>
> There is, however, the possibility of adding such a feature to Tomcat.
>
> If you make an HTTP request to Apache httpd on a TLS-enabled port,
> you'll get a response that says "Looks like you made a mistake".
>
> In the past, that would have been a huge pain in the neck for Tomcat,
> since the TLS handshake was handled *entirely* by the underlying
> crypto system (e.g. JSSE or APR/OpenSSL). AIUI, that code has been
> re-written and Tomcat is buffering everything internally and probing
> the handshake, etc.
>
> It should therefore be possible to respond in the way you describe,
> but I'm not sure how much appetite there is for issuing a redirect
> rather than just an informational page such as the one httpd returns.
>
> Unfortunately, Bill is incorrect when he says that you can write a
> Filter for this. No application code will ever see a connection over a
> connection which failed a TLS handshake.
>
> -chris


Redirecting to https URL when https port is accessed with http scheme

2018-10-05 Thread ettra lancelot
Hi,

I would like to know whether it's possible to configure Tomcat to
automatically redirect to the https URL when the https port is accessed
using the http scheme instead of https.

For example, say I have configured an SSL connector on port 8443. If I
access the connector using the http scheme (e.g. http://localhost:8443) instead
of using the https scheme, I'm receiving some meaningless characters (refer to
[1]). Instead, is it possible to make an automatic redirection to the https
URL (e.g. https://localhost:8443)?

A few details about the setup.

- Tomcat version - 7.0.85
- SSL connector is configured on port 8443



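- Added the following security-constraint to web.xml

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>HTTPSOnly</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>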

[1] - https://i.stack.imgur.com/1LVq7.png

Thank you,
Etcy.
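
The check discussed in this thread has to happen on the first bytes read from the socket, before any handshake or application code runs. The sketch below is an added example, not Tomcat or httpd code: it tells a TLS ClientHello from a plaintext HTTP request and builds either an informational 400 page or a redirect. The function names, the `canonical_host` parameter and the sample bytes are assumptions made for illustration.

```python
# Added example: names and sample bytes are constructed for illustration only.
HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"PATCH", b"TRACE")
# Constructed samples: start of a TLS ClientHello record, and a plaintext request.
SAMPLE_TLS = bytes.fromhex("16030100c8010000c40303")
SAMPLE_HTTP = b"GET /app/login?x=1 HTTP/1.1\r\nHost: attacker.example\r\n\r\n"

def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'http' or 'unknown' for the first bytes of a connection."""
    # TLS record header: type 0x16 (handshake), version 0x03 0x0X, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        length = int.from_bytes(data[3:5], "big")
        if 0 < length <= 2**14 and data[5] == 0x01:
            return "tls"
    # Plaintext HTTP/1.x begins with an ASCII method token followed by a space.
    method, sep, _ = data.partition(b" ")
    if sep and method in HTTP_METHODS:
        return "http"
    return "unknown"

def plaintext_response(data: bytes, canonical_host: str, port: int, redirect: bool) -> bytes:
    """Build the reply to a plaintext HTTP request that arrived on the TLS port."""
    request_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split(" ")
    target = parts[1] if len(parts) == 3 else "/"
    # Echo only clean origin-form targets; anything else collapses to "/".
    if not (target.startswith("/") and target.isascii() and target.isprintable()):
        target = "/"
    if redirect:
        # The host comes from server configuration, never from the Host header,
        # so a client cannot steer the redirect to another site.
        head = ("HTTP/1.1 301 Moved Permanently\r\n"
                f"Location: https://{canonical_host}:{port}{target}\r\n")
        body = b""
    else:
        head = "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\n"
        body = b"This port expects TLS; use https:// instead of http://.\n"
    head += f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n"
    return head.encode("ascii") + body

def handle(data: bytes, canonical_host: str, port: int, redirect: bool = False):
    """None means continue with the TLS handshake; bytes are sent, then the socket closes."""
    kind = classify_first_bytes(data)
    if kind == "tls":
        return None
    if kind == "http":
        return plaintext_response(data, canonical_host, port, redirect)
    return b""  # neither TLS nor HTTP: close without a reply
```

A redirect issued this way does not protect the first request: any cookies or credentials in it have already crossed the network in cleartext by the time the server answers.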