Julian,
I don't know, but RFC 2817 is pretty explicit about how to do a mandatory upgrade that applies to the connection and not to a particular resource:
3.2 Mandatory Upgrade
If an unsecured response would be unacceptable, a client MUST send an
OPTIONS request first to complete the switch to TLS/1.0 (if
possible).
OPTIONS * HTTP/1.1
Host: example.bank.com
Upgrade: TLS/1.0
Connection: Upgrade
I think that's the crux - "*" has a different semantic than "/", and in HTTP/1.x you can't pass an empty path on the request line.
On Jul 25, 2014, at 9:19 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 2014-07-25 06:59, Michael Sweet wrote:
>> HTTP Upgrade
>
> And it couldn't have been "OPTIONS /"?
>
> There's nothing else in HTTP/1.1 that requires as many exceptions and special cases as the asterisk form... Cost/benefit etc.
>
> Best regards, Julian
>
_________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair