[hunchentoot-devel] Hunchentoot standalone with and without ssl
If I am running Hunchentoot standalone with ssl, should it be able to handle requests that are NOT using ssl as well? Currently, I am getting the following error if I send a request to "http" and not "https": [2007-07-09 10:56:45 [ERROR]] Error while processing connection: A failure in the SSL library occurred on handle #.(SB-SYS:INT-SAP #X080EE6E0). (Return code: 1)SSL error queue: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request Do people normally start two servers, one w/ ssl and one w/o, if they want to be able to handle both types of requests? The requests would be to different resources, obviously. -austin -- Austin Haas Pet Tomato, Inc. http://pettomato.com
On Mon, 2007-07-09 at 11:06 -0400, Austin Haas wrote:
If I am running Hunchentoot standalone with ssl, should it be able to handle requests that are NOT using ssl as well? Currently, I am getting the following error if I send a request to "http" and not "https":
Just to get things clear: are you trying to do this on _one_ port (i.e. non-SSL connects on the same port as SSL)? Cheers, RalfD
Yes, one port. Maybe that is where my own internal logic is breaking down. I was thinking about one instance of Apache handling both ssl and non-ssl connections, though it uses separate ports. -austin -- Austin Haas Pet Tomato, Inc. http://pettomato.com On Mon Jul 09 17:17 , Ralf Mattes wrote:
On Mon, 2007-07-09 at 11:06 -0400, Austin Haas wrote:
If I am running Hunchentoot standalone with ssl, should it be able to handle requests that are NOT using ssl as well? Currently, I am getting the following error if I send a request to "http" and not "https":
Just to get things clear: are you trying to do this on _one_ port (i.e. non-SSL connects on the same port as SSL)?
Cheers, RalfD
_______________________________________________ tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
Scribit Austin Haas dies 09/07/2007 hora 13:16:
Yes, one port. Maybe that is where my own internal logic is breaking down.
Well, I don't know about earlier versions of SSL, and which ones Hunchentoot handles, but TLS has a START-TLS command that enables the use of the same port for clear and encrypted communications. Duplication of ports for secure channels would be a nightmare if it was generalized. Quickly, Pierre -- nowhere.man@levallois.eu.org OpenPGP 0xD9D50D8A
On Mon, 9 Jul 2007 13:16:11 -0400, Austin Haas <austin@pettomato.com> wrote:
Yes, one port. Maybe that is where my own internal logic is breaking down. I was thinking about one instance of Apache handling both ssl and non-ssl connections, though it uses separate ports.
You'll have to start two different Hunchentoot servers (one for each port, one SSL and one not) then. As a result, you'll have one Lisp image handling all connections which is very similar to the Apache setup. Edi.
participants (4)
-
Austin Haas -
Edi Weitz -
Pierre THIERRY -
Ralf Mattes