Re: Most secure way of authentication


 



On Thu, May 03, 2007 at 02:43:41PM -0400, Daniel Kahn Gillmor wrote:

> Don is pointing out that the case where this is triggered (inside the
> VirtualHost :80 container) doesn't guarantee that https is actually
> not being used.

That is correct, but the subscribed people here are admins - they should
know their servers ;-)
I know that my server has no https on tcp/80.
BTW: many browsers as well as proxies deny https on ports !=443. Of
course, this does not guarantee security at all.

> That is, activity on port 80 implies (but does not guarantee) that TLS
> is not in use.  And activity on port 443 implies (but does not
> guarantee) that TLS *is* in use.  Testing that the HTTPS environment
> variable provided by mod_ssl is set to "on" guarantees that TLS is
> actually in use.

This is what SSLRequireSSL is meant for.

Rainer
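
Added example, not part of the original message: an Apache configuration that tests the HTTPS variable inside the port-80 vhost and enforces TLS on the webmail directory with SSLRequireSSL, rather than inferring TLS from the port number. The host name mail.example.org, the /var/www/squirrelmail path and the certificate paths are assumed placeholders.

```apache
# Added example. Host name, directory and certificate paths are assumed
# placeholders, not values from this thread.

# Port 80 vhost: plain HTTP is expected here, but the port only implies it.
# Test the HTTPS variable so the redirect fires only when TLS is really off.
<VirtualHost *:80>
    ServerName mail.example.org
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    # Fixed target host, so the redirect does not depend on the Host header
    RewriteRule ^/?(.*)$ https://mail.example.org/$1 [R=301,L]
</VirtualHost>

# Port 443 vhost: TLS is in use because SSLEngine is on, not because of
# the port number.
<VirtualHost *:443>
    ServerName mail.example.org
    DocumentRoot /var/www
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/mail.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/mail.example.org.key
</VirtualHost>

# Server-wide block: applies whichever vhost ends up serving this path.
<Directory "/var/www/squirrelmail">
    # Refuse any request that did not arrive over TLS, regardless of port
    SSLRequireSSL
    # Keep the refusal in force even if a "Satisfy any" applies to this path
    SSLOptions +StrictRequire
</Directory>
```

With this in place a misconfigured vhost that serves the directory without TLS gets a 403 from SSLRequireSSL instead of exposing the login page over plain HTTP.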

--
squirrelmail-users mailing list
