Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 26 Oct 2009 23:40:48 -0400
From:      Michael Powell <nightrecon@hotmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: howto use https in favour of http
Message-ID:  <hc5q29$bat$1@ger.gmane.org>
References:  <permail-20091027022913f0889e8400004137-a_best01@message-id.uni-muenster.de> <4AE65E25.2050701@ibctech.ca>

next in thread | previous in thread | raw e-mail | index | archive | help
Steve Bertrand wrote:

> Alexander Best wrote:
>> Olivier Nicole schrieb am 2009-10-27:
>>> Hi,
>> 
>>>> i've added the following line to my /etc/hosts:
>> 
>>>> permail.uni-muenster.de:25      permail.uni-muenster.de:443
>> 
>>>> so what i want is for freebsd to never use http, but https for that
>>>> address.
>>>> unfortunately hosts doesn't seem to support this syntax.
>> 
[snip]
>> 
>> i'm not using a webserver or anything. i'm just a regular user. the point
>> is: i often forget to specify https://... for that specific address in
>> apps like lynx or firefox. that's why the non-ssl version of that site is
>> being loaded. i'd like freebsd to take care of this so even if the app is
>> trying to access the non-ssl version it should in fact be redirected to
>> the ssl version by freebsd.
> 
> I thought that this is what you were originally after.
> 
> FreeBSD, in itself, can't do this... much like Mac OS or Windows can't
> do this.
> 
> Most applications such as Firefox can't even do this (inherently).
> 
> If you are trying to enforce this as a personal/company policy, you will
> need to write a 'wrapper' around your application (lynx/firefox) to do
> this.
> 
> Note that your example was :25->:443, which implied SMTP over SSL...
> 
> Nonetheless, FreeBSD can't make these decisions inherently (thankfully).
> 
> Steve

I think the OP does not have a clear grasp on how the various protocols 
operate. Evidenced by confusing http with mail services. Yes, I know there 
is 'web mail', but even web based mail is still a web server.

It is up to the server operator to configure the services on the server end 
of things. Whether its SMTP with SSL/TLS, HTTP/HTTPS, pop3 or imap with SSL, 
etc., all of these things are made to work at the server end. True enough a 
client may need to be configured to talk on port 995 for pop3/SSL or port 
993 for IMAP/SSL but for the web a client shouldn't need to do anything.

The web server operator configures which locations in his URI space should 
be served up on port 443, and the client's browser should automatically 
switch to HTTPS based upon this. The OP doesn't seem to understand that he 
doesn't need to make this happen on his end, at least as far as HTTP/HTTPS 
goes.

If he is actually trying to configure a mail client to talk TLS or SSL to an 
SMTP server, then he needs to tell the email client software this. E.g., 
"This connection requires encryption" and whether it is SSL or TLS. Mail 
servers on port 25 do not use HTTP or HTTPS, but rather SMTP.

So it seems as if he is just very confused.

-Mike






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?hc5q29$bat$1>