Wireshark mailing list archives
Re: un-encrypted traffic over port 443
From: John Sullivan <jsethdev () kanargh force9 co uk>
Date: Mon, 30 Jun 2014 00:04:48 +0100
On Sunday, June 29, 2014, 12:43:39 PM, Toralf Förster wrote:
/mew wonders if wireshark should print a warning if a http traffic goes over port 443 (eg a TRAC temporarily configured at that port instead of 80) but is not encrypted, currently those packets are marked as "SSL" but they aren't secure.
Note that I believe Apache's (and other servers', no doubt) normal behaviour is to auto-detect whether the client is speaking plain HTTP or TLS, and back off to plain HTTP over port 443, *BUT* to deliver 400 Bad Request responses to any attempt to do so. So there are actually two different thing you might want to be aware of here: 1) Clients wrongly attempting plain HTTP over the TLS port, which is solely a client issue. It may be a buggy client, a mis-written webpage/link delivered by other means which specifies the wrong port, or it could be a malicious attempt to access normal protected services unencrypted. This would be true even if the server protects itself and always refuses service. The server operator may not have much control over this, and it might be quite noisy. 2) Servers actually allowing unencrypted service over that port, which is likely a rather more serious issue and usually deserves to be squashed with extreme prejudice. John -- Dead stars still burn ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- un-encrypted traffic over port 443 Toralf Förster (Jun 29)
- Re: un-encrypted traffic over port 443 Evan Huus (Jun 29)
- Re: un-encrypted traffic over port 443 Jakub Zawadzki (Jun 29)
- Re: un-encrypted traffic over port 443 John Sullivan (Jun 29)