[thelist] IE and redirect to SSL
Ken Schaefer
Ken at adOpenStatic.com
Thu Jun 22 22:10:33 CDT 2006
: -----Original Message-----
: From: thelist-bounces at lists.evolt.org [mailto:thelist-
: bounces at lists.evolt.org] On Behalf Of Bill Moseley
: Subject: Re: [thelist] IE and redirect to SSL
:
: Well, this is an obscure bug, so no point keeping this thread going.
:
: On Thu, Jun 22, 2006 at 04:02:16PM +0100, Lee kowalkowski wrote:
: > On 22/06/06, Bill Moseley <moseley at hank.org> wrote:
: > > $ GET -Sd http://infopeople.org:82/login
: > > GET http://infopeople.org:82/login --> 302 Found
: > > GET https://infopeople.org:1443/login --> 200 OK
: >
: > You haven't said you've got a problem fetching the HTML, but the CSS,
: > JS and images. What do these requests look like (when from IE)?
:
: They look wrong, although I only have ethereal and it can't decode
: the encrypted requests (I think there's away, though.)
Ethereal natively will not be able to tell you what's at the HTTP layer of
those packets. That is why I asked you to use the IE Fiddler tool
However, Ethereal will be able to tell you the TCP port number(s) that the
requests are going to. You can verify whether IE is connecting to 82 or 1443
on the remote machine.
: But I see those weird log entries in Apache log for port *82*.
:
: 192.168.1.32 - - [22/Jun/2006:10:36:10 -0700] "\x16\x03" 200 7747 "-"
: "-"
: 192.168.1.32 - - [22/Jun/2006:10:36:11 -0700] "\x16\x03" 200 7743 "-"
: "-"
:
: My *guess* is IE is encrypting the the requests (for style.css, etc)
: but then sending out the request on the wrong socket.
IE does not handle SSL encryption. LSASS does. But whatever is happening,
your server is responding with 200 OK, so it thinks that the requests are
valid HTTP requests. So it may be that Apache is logging incorrectly or
something...
: And it drives me crazy using IE that I have to put in http:// when
: using a non-standard port. Can't it assume if I leave off the scheme
: that I want http since I'm using a web browser?
a) IE is more than a web-browser. From within your IExplore process you can
connect via HTTP, FTP, Gopher, SMB/CIFS - lots of protocols
b) IE makes assumptions about all sorts of things (your HTML, MIME types) and
people are up-in-arms. What would happen if IE assumed that you wanted to use
HTTP when connecting to port 21? People would be up-in-arms about that too.
You can't have it both ways.
As mentioned - if you actually want to solve this issue, rather than just
blaming IE/complaining about IE, then some steps have been
proposed/information asked of you.
Cheers
Ken
--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
Tech.Ed Sydney: learn all about IIS 7.0 - See you there!
More information about the thelist
mailing list