SSL and HTTP 0.9

Manlio Perillo manlio_perillo at
Sat Dec 1 14:16:52 MSK 2007

Igor Sysoev ha scritto:
> On Sat, Dec 01, 2007 at 11:15:47AM +0100, Manlio Perillo wrote:
>> An user (symlynX) on the nginx IRC channel at Freenode reported that an 
>> HTTPS server returns unencrypted pages when a plain HTTP 0.9 request is 
>> received.
>> He claims that this is a security problem, but I disagree (since when 
>> ssl_verify_client is enabled, nginx correctly returns an error), however 
>> I'm just curious to know why nginx behaves in this way.
> Yes, I do not consider it as security bug, it's a usual bug.

Ah, so its actually a bug :).

> The attached patch that fixes it.

Ok, tested.

Manlio Perillo

More information about the nginx mailing list