Chris's Wiki :: blog/web/SplittingSSL Comments
https://utcc.utoronto.ca/~cks/space/blog/web/SplittingSSL?atomcomments
DWiki, 2008-11-11T13:29:13Z
Recent comments in Chris's Wiki :: blog/web/SplittingSSL.

By Chris Siebenmann on /blog/web/SplittingSSL
<div class="wikitext"><p>I learn something new all the time. You're right; this is more or less
<a href="http://www.ietf.org/rfc/rfc2817.txt">RFC 2817</a>. The drawback I see to
RFC 2817 is that it is explicitly a per-connection thing, so you have
to make a dummy request every time you do subsequent connections for
more requests to the same site.</p>
<p>(There seems to be a bunch of opposition to RFC 2817, but most of what
I've read on a quick skim is from people who want it to carry trust as
well as opportunistic encryption, eg the discussion
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=276813">here</a>.
I agree that it fails for that for precisely the reason that I
like the general idea.)</p>
</div>
2008-11-11T13:29:13Z

From 60.234.141.149 on /blog/web/SplittingSSL
<div class="wikitext"><p>Is this not what RFC 2817 (Upgrading to TLS within HTTP/1.1) is all about? It has a "Connection: upgrade" header, and "101 Switching protocols" or "426 Upgrade required" reply from the server.
-- Perry Lorier</p>
</div>2008-11-11T06:33:59Z