SSL and HTTP 0.9

Manlio Perillo manlio_perillo at libero.it
Sat Dec 1 13:15:47 MSK 2007


Hi.

An user (symlynX) on the nginx IRC channel at Freenode reported that an 
HTTPS server returns unencrypted pages when a plain HTTP 0.9 request is 
received.

He claims that this is a security problem, but I disagree (since when 
ssl_verify_client is enabled, nginx correctly returns an error), however 
I'm just curious to know why nginx behaves in this way.



Thanks  Manlio Perillo





More information about the nginx mailing list