ons 2009-07-08 klockan 15:16 +1200 skrev Amos Jeffries: > CONNECT to port-80 by default is IMO not an option. It pretty much > defeats all the other HTTP-level security measures.
For what it's worth, RFC2817 Upgrading to TLS Within HTTP/1.1 requires CONNECT to be accepted to port 80. Not that I really know of anyone who uses this "standards-track" method of TLS/SSL encrypting HTTP, just plain old HTTP over TLS/SSL (https). Regards Henrik