From: James Tucker
Date: Sat, 17 Dec 2016 17:49:13 -0800
Subject: Re: newby issue with rack-ssl gem
To: Rack Development
Reply-To: rack-devel@googlegroups.com

On Dec 17, 2016 5:42 PM, "Rich Morin" <rdm@cfcl.com> wrote:

> On Saturday, December 17, 2016 at 5:08:12 PM UTC-8, raggi wrote:
>> This is a web server issue, not a rack issue. Most webservers will not let
>> you serve plaintext and TLS over the same port. When I say most, I mean I
>> don't know of any ruby webservers that support this, as all of them rely on
>> openssl listen sockets for TLS.
>
> Hmmm. A lot of web servers I've encountered force a switch from HTTP to
> HTTPS, but then, they're also switching from port 80 to port 443.

That's precisely the point.

> I suppose that I could redirect requests from (say) http://<IP>:34567/...
> to https://<IP>:44567/..., but I'm not sure how useful that would be.
> Also, not exactly sure how to do this.
>
> Any other suggestions, anyone?

Your other option is to fingerprint the first few bytes, which are more than sufficient to determine http/http2/TLS clienthello/unknown. Like I said, I don't know of any ruby implementations of this, so you'd likely have to write one. It's not particularly tricky.

> -r


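The first-bytes fingerprinting suggested in the reply above, sketched in Ruby as an added example (it is not code from the thread or from Rack). The names `classify_prefix` and `peek_protocol` are hypothetical, and the peek relies on `MSG_PEEK` so the bytes stay in the socket buffer for whichever handler takes over.

```ruby
require 'socket'

# HTTP/2 prior-knowledge client connection preface (RFC 7540, section 3.5).
H2_PREFACE = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n".b.freeze
# HTTP/1.x request methods, each with the space that terminates the token.
HTTP1_METHODS = %w[GET HEAD POST PUT DELETE OPTIONS PATCH TRACE CONNECT]
                .map { |m| "#{m} ".b }.freeze

# Classify the leading bytes of a new connection.
# Returns :tls, :http2, :http1, :unknown, or :need_more when the bytes seen
# so far are only a prefix of something recognisable.
def classify_prefix(bytes)
  data = bytes.b
  return :need_more if data.empty?

  # TLS record header: content type 0x16 (handshake), version major 0x03,
  # two length bytes, then handshake type 0x01 (ClientHello) as byte six.
  if data.getbyte(0) == 0x16
    return :unknown if data.bytesize > 1 && data.getbyte(1) != 0x03
    return :need_more if data.bytesize < 6
    return data.getbyte(5) == 0x01 ? :tls : :unknown
  end

  return :http2 if data.start_with?(H2_PREFACE)
  return :need_more if H2_PREFACE.start_with?(data)
  return :http1 if HTTP1_METHODS.any? { |m| data.start_with?(m) }
  return :need_more if HTTP1_METHODS.any? { |m| m.start_with?(data) }
  :unknown
end

# Peek without consuming, so an OpenSSL::SSL::SSLSocket or an HTTP parser
# handed the same socket afterwards still sees the stream from byte zero.
def peek_protocol(sock, max = H2_PREFACE.bytesize)
  data = sock.recv(max, Socket::MSG_PEEK)
  return :unknown if data.nil? || data.empty? # peer closed before sending
  classify_prefix(data)
end
```

A caller would retry on `:need_more` under a short read deadline and close the connection on `:unknown`, so a client that sends a few bytes and stalls cannot hold the listener open.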