On 15/04/2021 11:16, piorunz wrote: > On 15/04/2021 03:15, Celejar wrote: > >>> It certainly works fine for me. I use https only mode for many months >>> now. Can you bring an example of a page which returns good page on >>> http, >>> but 404 error on https? >> >> http://www.daat.ac.il/ >> https://www.daat.ac.il/ >> >> Celejar > > Their webserver is misconfigured. AFAIR, if they don't support https, > their server should redirect to http page. Instead, they throw 404 error.
If they don't support https, they shouldn't respond at all. Receiving a 404 comes after successful TLS negotiation. With HTTPS you first establish a TCP connection to port 443 on the server, then you establish a TLS tunnel to the server; only once those are complete can you send the "GET" verb over the tunnel. The server has then, securely, responded "I don't have a page called /". While it's common practice for HTTP and HTTPS sites to be identical, it's not really built in to the protocol. I could well see a situation where a webmaster might configure, say, just the /admin part to be accessible over HTTPS. That said, common use is changing. It's now expected that http://example.com, https://example.com, http://www.example.com and https://www.example.com all serve identical content (mostly because humans are terrible at paying attention to the full URL and just see that all as "example dot com". > > Your web browser behaviour is as intended, everything is fine. > If webadmins of that page don't know their sh*t, are you sure you want > to use that website? Who knows what else they forgot to implement. > > Disclaimer: I never worked in IT, all self taught, but I have webpage > which I put up myself on Debian computer, with https cert (it's free), > TLS 2.0/3.0 only, PFS, HSTS preload with long duration, OCSP stapling, > top spec security. These guys? They can't even redirect to their http > page. > > > -- > > With kindest regards, piorunz. > > ⢀⣴⠾⠻⢶⣦⠀ > ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system > ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org > ⠈⠳⣄⠀⠀⠀⠀ >
OpenPGP_signature
Description: OpenPGP digital signature
