On Sunday, June 29, 2014, 12:43:39 PM, Toralf Förster wrote:

> /me wonders if wireshark should print a warning if a http traffic goes
> over port 443 (eg a TRAC temporarily configured at that port instead of
> 80) but is not encrypted, currently those packets are marked as "SSL"
> but they aren't secure.

Note that I believe Apache's (and other servers', no doubt) normal behaviour is to auto-detect whether the client is speaking plain HTTP or TLS, and back off to plain HTTP over port 443, *BUT* to deliver 400 Bad Request responses to any attempt to do so.

So there are actually two different things you might want to be aware of here:

1) Clients wrongly attempting plain HTTP over the TLS port, which is solely a client issue. It may be a buggy client, a mis-written webpage/link delivered by other means which specifies the wrong port, or it could be a malicious attempt to access normal protected services unencrypted. This would be true even if the server protects itself and always refuses service. The server operator may not have much control over this, and it might be quite noisy.

2) Servers actually allowing unencrypted service over that port, which is likely a rather more serious issue and usually deserves to be squashed with extreme prejudice.

John
-- 
Dead stars still burn

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
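The distinction John draws (a client merely attempting plain HTTP on the TLS port versus a server actually answering it unencrypted) can be checked from the first bytes of each side's payload. The following is an added example, not code from the thread or from Wireshark: it classifies a port-443 payload as a TLS record or a plaintext HTTP request/response and maps one request/response pair to the two cases above. The payloads, function names and the `400`-means-refused rule are assumptions made for the example (the 400 behaviour is the one John describes for Apache).

```python
# Added example (not from the wireshark-dev thread or from Wireshark itself):
# tell a TLS record from plaintext HTTP on port 443 and separate the two
# situations described in the post. All sample payloads are constructed.
import re

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")
# TLS record header: content type 0x16 (handshake), version major byte 0x03.
TLS_HANDSHAKE_PREFIX = re.compile(rb"^\x16\x03[\x00-\x04]")
HTTP_STATUS_LINE = re.compile(rb"^HTTP/1\.[01] (\d{3}) ")


def classify_payload(payload: bytes) -> str:
    """Classify the first bytes of a TCP segment payload."""
    if TLS_HANDSHAKE_PREFIX.match(payload):
        return "tls"
    if payload.startswith(HTTP_METHODS):
        return "http-request"
    if HTTP_STATUS_LINE.match(payload):
        return "http-response"
    return "unknown"


def assess_port443_flow(client_payload: bytes, server_payload: bytes) -> str:
    """Map one request/response pair seen on port 443 to the two cases.

    'tls'                       - normal TLS handshake, nothing to flag
    'client-plaintext-refused'  - case 1: client sent plain HTTP, server did
                                  not serve it (4xx/5xx, or no HTTP reply)
    'server-plaintext-service'  - case 2: server answered plain HTTP with a
                                  2xx/3xx response, i.e. unencrypted service
    'unknown'                   - neither TLS nor recognisable HTTP
    """
    client_kind = classify_payload(client_payload)
    if client_kind == "tls":
        return "tls"
    if client_kind != "http-request":
        return "unknown"
    match = HTTP_STATUS_LINE.match(server_payload)
    if match is None:
        # Plain HTTP request answered by no HTTP at all (reset, close, TLS
        # alert): the server did not provide plaintext service.
        return "client-plaintext-refused"
    status = int(match.group(1))
    if status < 400:
        return "server-plaintext-service"
    return "client-plaintext-refused"


def summarize(flows):
    """Count each verdict over a list of (client_payload, server_payload)."""
    counts = {}
    for client_payload, server_payload in flows:
        verdict = assess_port443_flow(client_payload, server_payload)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed sample payloads (only the leading bytes matter here).
CLIENT_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32
SERVER_HELLO = b"\x16\x03\x03\x00\x5a\x02\x00\x00\x56\x03\x03" + b"\x00" * 32
PLAIN_REQUEST = b"GET /trac/wiki HTTP/1.1\r\nHost: trac.example.test:443\r\n\r\n"
REFUSAL = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n"
SERVED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>trac</html>"

SAMPLE_FLOWS = [
    (CLIENT_HELLO, SERVER_HELLO),   # normal TLS
    (PLAIN_REQUEST, REFUSAL),       # case 1: client issue, server refuses
    (PLAIN_REQUEST, b""),           # case 1: server just closed the connection
    (PLAIN_REQUEST, SERVED),        # case 2: unencrypted service on 443
]

if __name__ == "__main__":
    for client_payload, server_payload in SAMPLE_FLOWS:
        print(assess_port443_flow(client_payload, server_payload))
    print(summarize(SAMPLE_FLOWS))
```

Run against captured payloads, a count of `server-plaintext-service` greater than zero is the finding that deserves the server operator's attention; `client-plaintext-refused` is the noisy client-side case John expects.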
