SSLEngine optional and SSLRequireSSL ?

on 16.02.2007 20:23:34 by rdenis

Hello,

It seems that SSLRequireSSL prevents TLS Upgrade from working at all, or
I got something wrong. Still, I have not been able to find out how to
force TLS Upgrade on a SSLEngine optional... If I use SSLRequireSSL,
Apache will properly return 426 whenever a client performs an
unencrypted request, but that will block the TLS Upgrade request itself
too (since it is not encrypted either).

I've tried that but that does not seem to work either (plus I am not
sure if allowing unencrypted OPTIONS is actually safe):

SSLRequireSSL


This is a sample:

OPTIONS * HTTP/1.1
Host: www.example.com
Upgrade: TLS/1.0
Connection: Upgrade

HTTP/1.1 426 Upgrade Required
Date: Fri, 16 Feb 2007 18:54:30 GMT
Server: Apache/2.2
Upgrade: TLS/1.0, HTTP/1.1
Connection: Upgrade
Content-Length: 459
..

Has anyone been able to work around this chicken-and-egg problem?

Regards,

-- 
Rémi Denis-Courmont
http://www.remlab.net/

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
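
The exchange quoted in the message above, as an added example that is not part of the original post or of mod_ssl: Python code that parses a server's reply to the RFC 2817 "Upgrade: TLS/1.0" request and tells the accepted upgrade (101) apart from the 426 deadlock described in the post. The function names, the result labels and the 101 sample are assumptions made for illustration.

```python
import socket

REQUEST = b"OPTIONS * HTTP/1.1\r\nHost: %s\r\nUpgrade: TLS/1.0\r\nConnection: Upgrade\r\n\r\n"

def parse_head(raw):
    """Return (status_code, headers) from the head of a raw HTTP response."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        key = name.strip().lower()
        # Repeated header fields are combined into one comma-separated list.
        headers[key] = ", ".join(filter(None, [headers.get(key), value.strip()]))
    return status, headers

def tokens(value):
    """Split a comma-separated header value into lower-cased tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def classify(raw, request_was_upgrade=True):
    """Label the reply: 'switching', 'refused-upgrade-request',
    'upgrade-required' or 'no-upgrade' (labels are hypothetical)."""
    status, headers = parse_head(raw)
    offers_tls = "tls/1.0" in tokens(headers.get("upgrade", ""))
    conn_upgrade = "upgrade" in tokens(headers.get("connection", ""))
    if status == 101 and offers_tls and conn_upgrade:
        return "switching"  # the TLS handshake follows on this connection
    if status == 426 and offers_tls:
        # A 426 in answer to the upgrade request itself is the deadlock in the post.
        return "refused-upgrade-request" if request_was_upgrade else "upgrade-required"
    return "no-upgrade"  # the server answered in cleartext without upgrading

def probe(host, port=80, timeout=5.0):
    """Send the upgrade request to a server under test and classify its reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(REQUEST % host.encode("ascii"))
        while b"\r\n\r\n" not in data and (chunk := s.recv(4096)):
            data += chunk
    return classify(data) if data else "no-response"

# Constructed from the response quoted in the post (Date header and body omitted).
SAMPLE_426 = (b"HTTP/1.1 426 Upgrade Required\r\nServer: Apache/2.2\r\n"
              b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n"
              b"Content-Length: 459\r\n\r\n")
# Constructed: the reply RFC 2817 describes for an accepted upgrade.
SAMPLE_101 = (b"HTTP/1.1 101 Switching Protocols\r\n"
              b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
```

classify(SAMPLE_426) returns "refused-upgrade-request", the case reported above; a configuration that lets the upgrade through returns "switching" instead.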