LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page Telnet enables plain text on SSL port - browsers do not
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 09-25-2016, 07:08 AM   #1
fred2014
Member
 
Registered: Mar 2015
Posts: 70

Rep: Reputation: Disabled
Telnet enables plain text on SSL port - browsers do not

I expect I have a config problem here but I can't find it:

Connecting to my SSL (own certificate - not commercial) site
allows pages to be served in plain text when telnet is used.

Connecting using a browsers performs correctly.

EG:

http://example.com - fails correctly
https://example.com - works correct
http://example.com:80 - fails correct
https://example.com:443 - works correct

So far so good but using telnet:
[root@localhost ~]# telnet
telnet> open example.com 443
Trying 1.1.1.2...
Connected to example.com.
Escape character is '^]'.
GET /
Connection closed by foreign host.

OK that's good.


THIS IS THE ISSUE
[root@localhost ~]# telnet
telnet> open example.com 80 <-----------port 80
Trying 1.1.1.2...
Connected to example.com.
Escape character is '^]'.
GET /

Returns plain text HTML of the page
This should not work.

What I don't understand is why a browser functions correctly
but telnet does not - and what config I need to look at?

I've probably missed something by staring at it too long
can anyone see my issue?

TIA
 
Old 09-25-2016, 09:20 AM   #2
af7567
Member
 
Registered: Nov 2012
Posts: 293

Rep: Reputation: 106Reputation: 106
What have you done to prevent plain text working over port 80? If you have only set up your SSL certificate then that would not normally disable port 80 automatically. It would just add the port 443 HTTPS connection too.

I don't know why http://example.com would fail in the browser, unless you are using Firefox which seems to redirect to HTTPS if it knows that the site supports it.

To make sure that visitors are using HTTPS you could add a .htaccess file to your server which checks for a port 80 connection and the rewrites the URL to use HTTPS, there are a few examples on Google.

http://www.inmotionhosting.com/suppo...-htaccess-file
 
Old 09-25-2016, 10:18 AM   #3
fred2014
Member
 
Registered: Mar 2015
Posts: 70

Original Poster
Rep: Reputation: Disabled
Found it - I had a spurious <virtualhost ..> uncommented in the middle of some text
which made a number of things behave oddly.



Quote:
Originally Posted by af7567 View Post
What have you done to prevent plain text working over port 80? If you have only set up your SSL certificate then that would not normally disable port 80 automatically. It would just add the port 443 HTTPS connection too.
Which would not make sense - why have plain text and encrypted text?
But yes I have belt and braces on that to prevent port 80 access you are correct.

Quote:
I don't know why http://example.com would fail in the browser, unless you are using Firefox which seems to redirect to HTTPS if it knows that the site supports it.
firefox had better not be re-routing users requests. That would constitute hacking.

Quote:
To make sure that visitors are using HTTPS you could add a .htaccess file to your server which checks for a port 80 connection and the rewrites the URL to use HTTPS, there are a few examples on Google.

http://www.inmotionhosting.com/suppo...-htaccess-file

thanks for the input but I prefer such things to be in the config files. Its a good deal more
efficient that way - and easier to control.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
The best way to convert from text/x-c++ iso-8859-1 to text/plain utf8. rm_-rf_windows Linux - General 1 10-03-2012 04:08 AM
[SOLVED] vsftpd with SSL auth but force plain data pantzir Linux - Server 1 08-26-2010 10:45 PM
Browsers treat *.nb, *.svg and some other files given by vsftpd as plain text 10110111 Linux - Networking 1 01-10-2010 02:00 PM
forwarding ssl port to a different ssl port number on a different machine coal-fire-ice Linux - Networking 6 03-15-2007 12:30 PM
Server doesn't work with port forwarding enables Dawyea Linux - Networking 7 06-19-2004 09:57 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 12:19 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration