New issue
Advanced search Search tips

Issue 4527 link

Starred by 31 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Sep 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Feature



Sign in to add a comment

implement RFC 2817: Upgrading to TLS Within HTTP/1.1

Reported by mal.chro...@gmail.com, Nov 18 2008

Issue description

[refiling of b/1491455]

Chrome does not implement RFC 2817

http://www.ietf.org/rfc/rfc2817.txt

------------------------------------------
That's all that's in the internal bug. I don't know if other browsers 
support this, nor what the benefits would be.
 

Comment 1 by wtc@chromium.org, Nov 19 2008

I believe that Firefox doesn't support RFC 2817.  Here is
an old discussion on it in Mozilla's crypto newsgroup:

http://markmail.org/message/hwq3xqgsordlkgd3#query:+page:1+mid:kzryai3kimkvd62h+state
:results

Comment 2 by alang...@gmail.com, Nov 19 2008

I believe that the benefit is small. We should implement SNI[1] and FastTrack before
this, if we haven't already (I've not tested).

[1] http://www.ietf.org/rfc/rfc3546.txt (section 3.1)
[2] http://citeseer.ist.psu.edu/old/shacham02fasttrack.html
Labels: DesignDocNeeded
Status: Available

Comment 4 Deleted

Comment 5 by oritm@chromium.org, Dec 17 2009

Labels: -Area-BrowserBackend Area-Internals
Replacing labels:
   Area-BrowserBackend by Area-Internals

Comment 6 by bgam...@gmail.com, Sep 2 2010

This bug deserves looking at again. Even if RFC2817 itself isn't supported we should at least have some heuristics for trying HTTPS after receiving an HTTP status 426. It seems an overwhelming portion of the time simply trying again with TLS on port 443 will accomplish what the user intended.
Labels: -DesignDocNeeded bulkmove Action-DesignDocNeeded
[refiling of b/1491455]

Chrome does not implement RFC 2817

http://www.ietf.org/rfc/rfc2817.txt

------------------------------------------
That's all that's in the internal bug. I don't know if other browsers 
support this, nor what the benefits would be.
Project Member

Comment 8 by bugdroid1@chromium.org, Mar 9 2013

Labels: -Action-DesignDocNeeded Needs-DesignDoc
Project Member

Comment 9 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Area-Internals Cr-Internals
I'd like to see RFC 2817 revisited; it turns out to be the only solution the Internet has for opportunistic encryption of HTTP - that is, given an arbitrary "http" scheme URI, being able to fetch that over TLS.

This seems to be of some importance given the impact of pervasive surveillance - see the IETF's recent Technical Plenary and the perpass BOF, and also the current thread (mentioning this RFC, indeed) on the ietf@ietf.org mailing list.

Comment 11 by laforge@google.com, Apr 28 2015

Cc: -wtc@chromium.org
Project Member

Comment 12 by sheriffbot@chromium.org, Jun 30 2016

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been available for more than 365 days, and should be re-evaluated. Hotlist-Recharge-Cold label is added for tracking. Please re-triage this issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Components: -Internals Internals>Network>HTTP
Status: WontFix (was: Untriaged)
Think we're safe closing this - no plans to implement it.  It's better for sites to be HTTPS-only, rather than implementing this sort of opportunistic upgrade.
Components: Internals>Network
Components: -Internals>Network>HTTP

Sign in to add a comment