Martynas,

On 10/6/18 06:31, Martynas Jusevičius wrote:
> see also this thread:
> https://mail-archives.apache.org/mod_mbox/tomcat-users/201808.mbox/%3Ccae35vmwcm9dkxmvabofgjb5d_oa07a6mrjxwcgknksbzgjh...@mail.gmail.com%3E
>
> I did this with front nginx eventually.

In this case, Ettra is wanting to make an HTTP request to an HTTPS
service, which usually just fails to establish a TLS handshake.

Instead of failing, Ettra would prefer to have Tomcat respond with an
HTTP response with no encryption. This is how Apache httpd currently
behaves:

=== CUT ===

$ telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /
Host: localhost
HTTP/1.1 400 Bad Request
Date: Wed, 10 Oct 2018 14:52:08 GMT
Server: Apache/2
Content-Length: 432
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not
understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
<hr>
<address>Apache/2 Server at phobos.chadis.com Port 443</address>
</body></html>
Connection closed by foreign host.

=== CUT ===

Tomcat will simply close the connection in its current implementation.

-chris

> On Sat, Oct 6, 2018 at 7:29 AM ettra lancelot <ettra...@gmail.com>
> wrote:
>> 
>> Thank you for the detailed answer, Chris.
>> 
>> On Sat, Oct 6, 2018 at 2:41 AM Christopher Schultz < 
>> ch...@christopherschultz.net> wrote:
>> 
> Etcy,
> 
> On 10/5/18 14:57, ettra lancelot wrote:
>>>>> I would like to know whether it's possible to configure
>>>>> tomcat to automatically redirect to the https URL when
>>>>> https port is accessed using http scheme instead of https.
> 
> There is no way to get Tomcat to do this for you right now.
> 
> There is, however, the possibility of adding such a feature to
> Tomcat.
> 
> If you make an HTTP request to Apache httpd on a TLS-enabled port, 
> you'll get a response that says "Looks like you made a mistake".
> 
> In the past, that would have been a huge pain in the neck for
> Tomcat, since the TLS handshake was handled *entirely* by the
> underlying crypto system (e.g. JSSE or APR/OpenSSL). AIUI, that
> code has been re-written and Tomcat is buffering everything
> internally and probing the handshake, etc.
> 
> It should therefore be possible to respond in the way you
> describe, but I'm not sure how much appetite there is for issuing a
> redirect rather than just an informational page such as the one
> httpd returns.
> 
> Unfortunately, Bill is incorrect when he says that you can write a 
> Filter for this. No application code will ever see a connection
> over a connection which failed a TLS handshake.
> 
> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
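
The "probing the handshake" idea discussed in the thread, as an added example that is not part of the original message and is not Tomcat or httpd code: it classifies the first bytes a client sends to a TLS port as a ClientHello or as plain HTTP, and builds a 400 reply like the one httpd returns. The function names, the method list and the reply body are assumptions made for illustration.

```python
# Added example (not Tomcat or httpd code): sniff the first bytes on a TLS port.
HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"PATCH", b"TRACE", b"CONNECT")


def classify_first_bytes(buf: bytes) -> str:
    """Return 'tls', 'http', 'need_more' or 'unknown' for a connection prefix."""
    if not buf:
        return "need_more"
    if buf[0] == 0x16:                        # TLS record type 22: handshake
        if len(buf) < 6:                      # 5-byte record header + handshake type
            return "need_more"
        version_ok = buf[1] == 0x03 and buf[2] <= 0x04
        length = int.from_bytes(buf[3:5], "big")
        if version_ok and 0 < length <= 2 ** 14 and buf[5] == 0x01:
            return "tls"                      # handshake type 1: ClientHello
        return "unknown"
    for method in HTTP_METHODS:               # plain HTTP: method token + space
        token = method + b" "
        if buf.startswith(token):
            return "http"
        if token.startswith(buf):             # e.g. b"GE" may still become b"GET "
            return "need_more"
    return "unknown"


def plain_http_reply() -> bytes:
    """Unencrypted 400 reply, modelled on the httpd output quoted above."""
    body = (b"<html><body><h1>Bad Request</h1>"
            b"<p>You're speaking plain HTTP to a TLS-enabled port.</p>"
            b"</body></html>\n")
    head = (b"HTTP/1.1 400 Bad Request\r\n"
            b"Content-Type: text/html; charset=iso-8859-1\r\n"
            b"Content-Length: " + str(len(body)).encode("ascii") + b"\r\n"
            b"Connection: close\r\n\r\n")
    return head + body


def action_for(buf: bytes):
    """Map a prefix to (action, bytes_to_send)."""
    kind = classify_first_bytes(buf)
    if kind == "tls":
        return ("handshake", b"")             # hand the socket to the TLS stack
    if kind == "http":
        return ("reply_and_close", plain_http_reply())
    if kind == "need_more":
        return ("wait", b"")
    return ("close", b"")                     # neither TLS nor HTTP: drop it
```

A server using this would inspect the bytes without consuming them, so the TLS library still receives the full ClientHello, and would bound the "wait" state with a read timeout.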
