SSL and HTTP 0.9

Manlio Perillo manlio_perillo at
Sat Dec 1 13:15:47 MSK 2007


An user (symlynX) on the nginx IRC channel at Freenode reported that an 
HTTPS server returns unencrypted pages when a plain HTTP 0.9 request is 

He claims that this is a security problem, but I disagree (since when 
ssl_verify_client is enabled, nginx correctly returns an error), however 
I'm just curious to know why nginx behaves in this way.

Thanks  Manlio Perillo

More information about the nginx mailing list