Re: http/1 opportunistic encryption

> Am 20.07.2015 um 11:27 schrieb Amos Jeffries <>:
> In HTTP/2 the :scheme pseudo-header and others needed to form
> absolute-URI are mandatory. Which makes it always have a well-formed
> request-target. That was intentionally done to avoid exactly this bug
> from occuring. It saddens me greatly to hear that servers are ignoring
> it already on grounds of that being how they treat HTTP/1.

It's not that bad. Apache is parsing absolute uris and giving them
preference over any host header. But, if I read the code correctly,
it is not prepared to treat a http: scheme correctly when received
over a TLS port.


<green/>bytes GmbH
Hafenweg 16, 48155 Münster, Germany
Phone: +49 251 2807760. Amtsgericht Münster: HRB5782

Received on Monday, 20 July 2015 09:51:51 UTC