- From: Scott Lawrence <lawrence@world.std.com>
- Date: Fri, 19 Jul 2002 09:34:30 -0400
- To: ietf-http-wg@w3.org, Joe Orton <joe@manyfish.co.uk>
7/18/2002 5:10:39 PM, Joe Orton <joe@manyfish.co.uk> wrote: >Is the :port segment intended to be optional in the request-URI used in >a CONNECT request? The text in RFC 2817 implies it is always used, but >it is actually optional in an 'authority' segment according to RFC 2396. As you point out, it isn't a good idea for the client to treat it as optional. Formally, I don't think that it would be a good idea for the proxy to treat it as optional either, but for backward compatibility with older clients, one might choose to do so. When we incorporated the specification of CONNECT from the original Netscape I- D into what became 2817, our intent was explicitly to specify it as a general (not SSL-specific) mechanism. In that context, making the port specification optional makes little sense. >(I tried a couple of proxies and they behave differently if the :port is >ommitted: Traffic-Server assumes port 80, Squid assumes 443) Most seem to assume 443; I've also run into some that connect to 443 regardless of what is specified. Since each scheme also implies a default port, I would treat that as authoritative (if the CONNECT request-uri is 'http:', then 80, if it's 'https:', then 443).
Received on Friday, 19 July 2002 09:36:53 UTC