On 7/5/06, Qingshan Xie <xieq_49@xxxxxxxxx> wrote:
Hi, Boyle, I have a related question. We'd like to implement a SSL-Login on a HTTP(port 80) webServer to secure the userId/password. This means, whenever a site needs the authentication, the webServer redirects it to HTTPS server for processing. However, this is pretty annoying since it prompts security alerts such as "... from none secure site to a secure site ..." or "... from secure site to a none secure site ...", etc. Notice the new feature of Apach 2.2.x, the new function added in mod_ssl to support RFC 2817, which allows connections to upgrade from clear text to TLS encryption. Can this new feature fulfill our requests to convert HTTP to HTTPS in a single Apache webServer? Will we still get the security alerts?
No, you can't use that feature. It is not supported by any widely-deployed browsers, as mentioned in the docs fro the SSLEngine directive. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx