Forum OpenACS Q&A: SSL and Standard Port both on 80? How?

Hi,

what must be done to let http and https be both on the same
port 80? Just set both ports in the config file to it? Or is
there a little bit more to consider?

Thank you,
Peter.

Posted by C. R. Oldham on
I'm not sure you can do that because of the ssl negotiation that occurs when the connection is opened. May I ask why you want to?
Posted by Miguel Gonzalez on
As far as I know you can only have one service on every port; only the protocol can be tcp or udp. I have never seen two different services on the same port. Besides, the daemon is "attached" to a port when it is started, which means that there is one daemon listening on that port. You could only change the protocol between a client and a server with a client that is aware of such a change (you could program one), starting the negotiation in plain text and afterwards using encryption, but I doubt that browsers can do that. Anyway, take into account that in a browser, to start an SSL connection you should use https instead of http. Try it out and let us know.
Posted by Tom Jackson on

You can't do that. A particular driver is bound to the address:port at startup, and only one would succeed. Probably AOLserver would fail to start in such a situation. To test it, just set the nsssl port, and the nssock port to 80 and start it up.

Posted by C. R. Oldham on
Peter, you know that the standard port for ssl is 443, right?
Posted by Peter Breugel on
Hi C.R.,

yes, I know 😊

After reading my post again, I see, it might not be obvious 😊

The question came up after a short discussion with a friend that is a security fanatic person and wanted to reduce the number of open ports dramatically. I shouldn't have asked this question, it seems to be a "strange to silly" approach wanting to do something like that. People with more knowledge about ports/services, please ignore it...

Peter.

Posted by Ng Pheng Siong on
It is not as silly as it sounds, but I don't think there is any current code that does what is being asked.

There is an RFC though, title is something like "Upgrading to TLS within HTTP". This is HTTP's analogue to SMTP/FTP/etc.'s START_TLS protocol option.

Cheers.
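
The RFC mentioned in the last post is RFC 2817, "Upgrading to TLS Within HTTP/1.1". The sketch below is an added example, not code from this thread or from AOLserver: it shows the server-side decision for that in-band upgrade on a single port. The function names and sample requests are constructed for illustration.

```python
# Added example: server-side decision logic for the RFC 2817
# "Upgrade: TLS/1.0" exchange. All names and sample requests are constructed.

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request head into (request_line, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def tokens(value: str):
    """Comma-separated header tokens, lower-cased for comparison."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def wants_tls_upgrade(headers) -> bool:
    # Upgrade is hop-by-hop: it only counts when Connection also lists it.
    return ("tls/1.0" in tokens(headers.get("upgrade", ""))
            and "upgrade" in tokens(headers.get("connection", "")))

def respond(raw: bytes, require_tls: bool):
    """Return (response_head, start_tls). start_tls=True means the TLS
    handshake follows on this same TCP connection after the response."""
    _, headers = parse_request(raw)
    offer = "Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n"
    if wants_tls_upgrade(headers):
        return "HTTP/1.1 101 Switching Protocols\r\n" + offer, True
    if require_tls:
        # Refuse to serve the resource in cleartext; advertise the upgrade.
        return "HTTP/1.1 426 Upgrade Required\r\n" + offer, False
    return "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n", False

# Constructed sample requests
UPGRADE_REQ = (b"GET /account HTTP/1.1\r\nHost: www.example.com\r\n"
               b"Upgrade: TLS/1.0\r\nConnection: Upgrade\r\n\r\n")
PLAIN_REQ = b"GET /account HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("upgrade", UPGRADE_REQ), ("plain", PLAIN_REQ)]:
        for require in (False, True):
            head, tls = respond(req, require)
            print(name, "require_tls=%s" % require, head.split("\r\n")[0], tls)
```

With `require_tls=False`, a request whose `Upgrade` header was removed in transit looks identical to `PLAIN_REQ` and is answered in cleartext; only the 426 path keeps the server from serving the resource unencrypted.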