New issue
Advanced search Search tips
Starred by 31 users
Status: WontFix
Owner: ----
Closed: Sep 20
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Feature



Sign in to add a comment
implement RFC 2817: Upgrading to TLS Within HTTP/1.1
Reported by mal.chro...@gmail.com, Nov 18 2008 Back to list
[refiling of b/1491455]

Chrome does not implement RFC 2817

http://www.ietf.org/rfc/rfc2817.txt

------------------------------------------
That's all that's in the internal bug. I don't know if other browsers 
support this, nor what the benefits would be.
 
Comment 1 by wtc@chromium.org, Nov 19 2008
I believe that Firefox doesn't support RFC 2817.  Here is
an old discussion on it in Mozilla's crypto newsgroup:

http://markmail.org/message/hwq3xqgsordlkgd3#query:+page:1+mid:kzryai3kimkvd62h+state
:results

Comment 2 by alang...@gmail.com, Nov 19 2008
I believe that the benefit is small. We should implement SNI[1] and FastTrack before
this, if we haven't already (I've not tested).

[1] http://www.ietf.org/rfc/rfc3546.txt (section 3.1)
[2] http://citeseer.ist.psu.edu/old/shacham02fasttrack.html
Labels: DesignDocNeeded
Status: Available
Comment 4 Deleted
Comment 5 by oritm@chromium.org, Dec 17 2009
Labels: -Area-BrowserBackend Area-Internals
Replacing labels:
   Area-BrowserBackend by Area-Internals

Comment 6 by bgam...@gmail.com, Sep 2 2010
This bug deserves looking at again. Even if RFC2817 itself isn't supported we should at least have some heuristics for trying HTTPS after receiving an HTTP status 426. It seems an overwhelming portion of the time simply trying again with TLS on port 443 will accomplish what the user intended.
Labels: -DesignDocNeeded bulkmove Action-DesignDocNeeded
[refiling of b/1491455]

Chrome does not implement RFC 2817

http://www.ietf.org/rfc/rfc2817.txt

------------------------------------------
That's all that's in the internal bug. I don't know if other browsers 
support this, nor what the benefits would be.
Project Member Comment 8 by bugdroid1@chromium.org, Mar 9 2013
Labels: -Action-DesignDocNeeded Needs-DesignDoc
Project Member Comment 9 by bugdroid1@chromium.org, Mar 10 2013
Labels: -Area-Internals Cr-Internals
I'd like to see RFC 2817 revisited; it turns out to be the only solution the Internet has for opportunistic encryption of HTTP - that is, given an arbitrary "http" scheme URI, being able to fetch that over TLS.

This seems to be of some importance given the impact of pervasive surveillance - see the IETF's recent Technical Plenary and the perpass BOF, and also the current thread (mentioning this RFC, indeed) on the ietf@ietf.org mailing list.
Comment 11 by laforge@google.com, Apr 28 2015
Cc: -wtc@chromium.org
Project Member Comment 12 by sheriffbot@chromium.org, Jun 30 2016
Labels: Hotlist-Recharge-Cold
Status: Untriaged
This issue has been available for more than 365 days, and should be re-evaluated. Hotlist-Recharge-Cold label is added for tracking. Please re-triage this issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Components: -Internals Internals>Network>HTTP
Status: WontFix
Think we're safe closing this - no plans to implement it.  It's better for sites to be HTTPS-only, rather than implementing this sort of opportunistic upgrade.
Sign in to add a comment