I have a
Tomcat application that opens an HTTPS socket for incoming requests. I can go to
https://website (or
https://website:443) and things work beautifully.
However, if I try to go to
http://website:443 things don't work so well. The browser simply shows some garbage characters that I'm assuming are a part of an SSL handshake that will never complete. BTW, I know that what I'm asking about here is fundamentally wrong - I'm looking into it because of the way a poorly-designed
applet (that I have no control over) is working.
Anyway, what I would *LIKE* to have happen is this:
Browse to
http://website:443 The server performs a redirect to
https://website The browser now goes to the right place
Life is good
In looking at the SSL spec, I don't see why this can't happen. The server (that's expecting https connections) should be able to figure out that something is wrong since the client is not sending a ClientHello message. When it determines this, it can simply reply using regular old HTTP and issue the redirect.
I have a feeling that my argument is somehow flawed, but can't figure out why. Anyone have any ideas? Anyone have any ideas on how to actually implement such a thing?
Sander Smith