Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the proper HTTP response to send for requests that require SSL/TLS

Tags:

rest

http

https

ssl

httpresponse

I'm designing an RESTful API where some calls are public over HTTP, and some require an API key and encryption over HTTPS. I'm deliberating on what response code should be sent if an HTTP request is sent to one of the private resources. So far the only one that jumps out at me is 412 - Precondition Failed, but the standard indicates that the precondition is imposed by the requester not the server.

Is there an appropriate response code for this condition or do I just need to give in and do 400?

like image 605
gtd Avatar asked Mar 31 '10 16:03

gtd

People also ask

What is HTTP protocol over TLS SSL used for?

It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

Does HTTP use SSL or TLS?

HTTPS is HTTP with encryption and verification. The only difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, and to digitally sign those requests and responses. As a result, HTTPS is far more secure than HTTP.

Is HTTPS same as HTTP over TLS?

HTTPS provides a mechanism for sending HTTP messages over a TLS secured connection rather than directly over TCP. A secure HTTP request is made using an URL of the type “https://…” instead of the “http://…” request used for ordinary HTTP.

Can you use TLS with HTTP?

HTTPS uses TLS (or SSL) to encrypt HTTP requests and responses, so instead of the plaintext, an attacker would see a series of seemingly random characters. TLS uses a technology called public key encryption: there are two keys, a public key and a private key.

Does TLS 1.2 support HTTP?

Token2Shell supports TLS 1.2 encryption for TCP Direct connections. It can be used for directly connecting to HTTPS servers.

Is HTTP encrypted with TLS?

HTTPS is an implementation of TLS encryption on top of the HTTP protocol, which is used by all websites as well as some other web services. Any website that uses HTTPS is therefore employing TLS encryption.

1 Answers

I cannot say if this is broadly accepted by HTTP clients, but speaking strictly RFC, the server should respond with:

HTTP/1.1 426 Upgrade Required Upgrade: TLS/1.0, HTTP/1.1 Connection: Upgrade

Source:
https://www.rfc-editor.org/rfc/rfc2817#section-4.2

like image 65
MicE Avatar answered Sep 20 '22 12:09

MicE
Sign in to Comment

Related questions

Spring Boot redirect HTTP to HTTPS
Python - make a POST request using Python 3 urllib
Passing array of parameters through get in rails
HTTP Spec: Proxy-Authorization and Authorization headers
What Content-Type should a 204 No Response use?
When do browsers send the Origin header? When do browsers set the origin to null?
Are HTTP headers (Content-Type, &c.) case-sensitive? [duplicate]
How do I use Fiddler to modify the status code in an HTTP response?
JAVA -tomcat- Request header is too large
AngularJS $http custom header for all requests
Google.com and clients1.google.com/generate_204
Send multipart/form-data files with angular using $http
Does HTTP response "200 OK" give a guarantee that the document has been received by the machine who generated the HTTP request?
Nodejs HTTP and HTTPS over same port
Apache HttpComponents HttpClient timeout
Utility of HTTP header "Content-Type: application/force-download" for mobile?
How do I find the a referring sites URL in node?
Retrieving HTTP status code from loaded iframe with Javascript
Boolean in a URI query?
WebSockets Energy Consumption

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!