SSL and HTTP 0.9

Hi.

A user (symlynX) on the nginx IRC channel at Freenode reported that an
HTTPS server returns unencrypted pages when a plain HTTP 0.9 request is
received.

He claims that this is a security problem, but I disagree (since when
ssl_verify_client is enabled, nginx correctly returns an error). However,
I’m just curious to know why nginx behaves in this way.

Thanks,
Manlio P.

On Sat, Dec 01, 2007 at 11:15:47AM +0100, Manlio P. wrote:

> A user (symlynX) on the nginx IRC channel at Freenode reported that an
> HTTPS server returns unencrypted pages when a plain HTTP 0.9 request is
> received.
>
> He claims that this is a security problem, but I disagree (since when
> ssl_verify_client is enabled, nginx correctly returns an error). However,
> I’m just curious to know why nginx behaves in this way.

Yes, I do not consider it a security bug; it’s a usual bug.
The attached patch fixes it.

Igor S. wrote:

> Yes, I do not consider it a security bug; it’s a usual bug.

Ah, so it’s actually a bug :).

> The attached patch fixes it.

Ok, tested.

Manlio P.
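
A regression check for the behaviour reported in this thread, written as an added example (it is not code from the thread or from nginx): it sends a plain HTTP 0.9 request to a TLS port on your own server and reports whether page content came back unencrypted. The function names, the `marker` parameter (a string you know appears in the served page) and the sample bytes are assumptions constructed for illustration.

```python
import socket

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}

def classify_reply(data: bytes, marker: bytes) -> str:
    """Classify what a TLS port sent back after an unencrypted request."""
    if not data:
        return "closed"              # server dropped the connection silently
    # TLS record header: content type (1 byte), major version 3, minor, length (2)
    if len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 3:
        return "tls-record"          # e.g. a TLS alert rejecting the request
    if marker in data:
        return "page-in-clear"       # the behaviour reported in the thread
    return "plaintext-other"         # unencrypted reply without page content

def probe_http09(host, port, marker, path="/", timeout=5.0, limit=65536):
    """Send 'GET <path>' with no version or headers (HTTP 0.9) and classify."""
    chunks, total = [], 0
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET " + path.encode("ascii") + b"\r\n")
        while total < limit:
            try:
                chunk = s.recv(4096)
            except OSError:          # timeout or reset: stop reading
                break
            if not chunk:            # peer closed, as HTTP 0.9 does after the body
                break
            chunks.append(chunk)
            total += len(chunk)
    return classify_reply(b"".join(chunks), marker)

# Constructed sample replies (not captured from a real server).
SAMPLES = {
    "alert": b"\x15\x03\x01\x00\x02\x02\x0a",               # fatal TLS alert record
    "page": b"<html><body>members area</body></html>",     # bare HTTP 0.9 body
    "error": b"<html><body>400 Bad Request</body></html>", # plaintext error page
    "empty": b"",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify_reply(raw, b"members area"))
```

Only `page-in-clear` indicates the reported behaviour; run `probe_http09` before and after applying a fix to confirm the result changes.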