HTTPS question

HTTPS question
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
HTTPS question Rich Fife 02-14-2008
Posted by Sebastian G. on February 14, 2008, 6:03 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Rich Fife wrote:


> Ah. I get it. I was going straight for GET and PUT without using
> CONNECT. That's the magic word I was looking for.


PUT isn't even part of HTTP, but rather of its extension WebDAV.

Posted by Bruce Stephens on February 14, 2008, 6:12 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

> PUT isn't even part of HTTP, but rather of its extension WebDAV.

It's less commonly used than GET, but it's surely part of HTTP.

Posted by Sebastian G. on February 14, 2008, 6:49 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Bruce Stephens wrote:

>
>> PUT isn't even part of HTTP, but rather of its extension WebDAV.
>
> It's less commonly used than GET, but it's surely part of HTTP.


At least for HTTP 1.0 this is wrong. Quoting RFC1945:

| These appendices are provided for informational reasons only -- they
| do not form a part of the HTTP/1.0 specification.
| [...]
| D.1.1 PUT

That is, one should expect an error 400 and not just 501.

Posted by Rich Fife on February 14, 2008, 7:36 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> Bruce Stephens wrote:
>
> >> PUT isn't even part of HTTP, but rather of its extension WebDAV.
>
> > It's less commonly used than GET, but it's surely part of HTTP.
>
> At least for HTTP 1.0 this is wrong. Quoting RFC1945:
>
> | These appendices are provided for informational reasons only -- they
> | do not form a part of the HTTP/1.0 specification.
> | [...]
> | D.1.1 PUT
>
> That is, one should expect an error 400 and not just 501.

I'm using 1.1, so I should be fine. Thanks for the info guys! I
should have made more of a point that a proxy was involved. My
original post was kind of disorganized.

-- Rich --

Posted by Bruce Stephens on February 14, 2008, 6:08 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

> So I do an SSL handshake directly with the proxy and then it
> handshakes with the server? If I don't, how does the proxy know what
> server I want (it's only in the (encrypted) HTTP header)?

Ah. I was forgetting you had a proxy. I've no idea how HTTP SSL
proxies work in reality. You've got a working proxy, so you could try
a web browser suitably configured and ethereal, and see what it's
doing? Or check if the proxy supports RFC 2817, and implement that
(apparently web clients don't)?

Sorry, my fault. I had read "proxy" but somehow forgot it.

Similar ThreadsPosted
Https question August 21, 2005, 12:28 am
A basic/newbie question on https. January 30, 2008, 8:55 pm
HTTPS and URL encoding May 26, 2004, 7:04 pm
SSL/https De-encryption July 6, 2004, 9:15 am
How does HTTPS/SSL work? November 24, 2004, 3:40 pm
Https funda August 11, 2005, 8:09 am
https + security April 1, 2008, 7:02 pm
Re: https + security April 2, 2008, 12:40 am
https / proxy problem January 11, 2006, 10:59 am
HTTPS but still non secure form? March 14, 2006, 4:39 am

The site map in XML format XML site map

Contact Us | Privacy Policy