Should a website connected to over http show an error over http when https fails

(Toby Allen) #1

Due to recent changes in 0.11.5 and 1.0 where various ciphers were removed off the default list, it got me thinking about errors.

In this instance an older client that connects will not get any error, just a failure to connect. It will, if the client is good, say that it was unable to establish a secure connection. It simply looks like the website doesn't exist.

Since in all likelihood the initial connection was HTTP which was then redirected to HTTPS, if Caddy is unable to create a secure connection after having been redirected from HTTP should it show an error over HTTP?

This at least would enable us to let the user know that the website does exist but the client has been unable to establish a secure connection.

(Matt Holt) #2

To be clear, that failure to connect is an error. A TLS alert is always raised by the server in this case, so Caddy is doing its job.

No, I don’t think so. I’m not really sure how that would work since if the connection is over HTTPS we cannot simply reply over HTTP and expect it to work. Also, let’s just not use HTTP… for anything, anymore.

I believe what you are really asking for is a feature request for web browsers to handle failed TLS connections differently.

(Matthew Fay) #3

I’m categorically for helpful, common sense error messages, like “hey, we redirected you to HTTPS but your browser’s too old to support it.”

I don’t really see any feasibility for Caddy to go above and beyond somehow and provide this, though. Definitely something browsers can (should?) easily do. Unfortunately if browser developers implemented this tomorrow, it wouldn’t matter for years, until the current set of browsers become outdated. Because the old browsers that don’t support contemporary secure protocols/ciphers… don’t support them because they aren’t updated.

(Toby Allen) #4

What I am suggesting is when the initial request is over http and we redirect to https.

If you simply type caddyserver.com into your browser the first connection is http and then a request is made by Caddy to redirect to https. What I am suggesting is if that fails we show an error.

However, I understand it's not necessarily obvious to a stateless piece of software what has happened, and you are right that what I’m really looking for is a better error message from the browser.

:slight_smile:

(Matt Holt) #5

How do we show an error (from the server-side) if the browser can’t connect to us?

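The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Caddy's code: a Go `crypto/tls` server restricted to one modern cipher suite meets a client that offers only a legacy suite, and the only thing the client receives is a TLS alert, before any HTTP response could be written. The certificate, the host name `example.test`, the function `handshakeErrors` and the two constants are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

const (
	LegacySuite = tls.TLS_RSA_WITH_AES_128_CBC_SHA            // all the old client offers
	ModernSuite = tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 // all the server accepts
)

// handshakeErrors runs one TLS handshake over an in-memory pipe and returns
// the errors seen by the client and by the server. All inputs are constructed.
func handshakeErrors(clientSuite uint16) (clientErr, serverErr error) {
	// Throwaway self-signed ECDSA certificate for the test server.
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	srvCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MinVersion:   tls.VersionTLS12, CipherSuites: []uint16{ModernSuite}}
	// Stand-in for an outdated client: TLS 1.2 at most, a single cipher suite.
	cliCfg := &tls.Config{InsecureSkipVerify: true, // test certificate only
		MaxVersion: tls.VersionTLS12, CipherSuites: []uint16{clientSuite}}

	c, s := net.Pipe()
	defer c.Close()
	done := make(chan error, 1)
	go func() { err := tls.Server(s, srvCfg).Handshake(); s.Close(); done <- err }()
	clientErr = tls.Client(c, cliCfg).Handshake()
	return clientErr, <-done
}

func main() {
	ce, se := handshakeErrors(LegacySuite)
	fmt.Println("client sees:", ce) // only the alert; no HTTP layer exists yet
	fmt.Println("server sees:", se)
}
```

The server-side error is the value an operator can log and count to see how many clients are being turned away by a cipher change.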