Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

When are POST variables sent in an HTTPS request? 2

Status
Not open for further replies.
Maccaday

Maccaday

Technical User
Dec 9, 2003
71
GB
Hi,

I was wondering when precisely POST/PUT variables are sent in an HTTPS request. The questions pertain to requesting page transmitted over HTTPS from a page that was transmitted over HTTP. I have two questions:

1) Are POST/PUT variables sent at the same time as the initial request to the server (therefore they wouldn't be secure if sent from a non-secure page), or after the secure 'handshake' process has been completed (therefore making them secure to send directly from a page that isn't itself secure)?

2) If a secure connection has already been established, and there are cached session keys, is the scenario the same or is it different (e.g. if in the first question the post variables weren't secure, but once the session keys had been established, subsequent POST/PUT variables to the same address would be secure even from a non-secure page)?

Thanks in advance for your responses.
 
Sort by date Sort by votes
On an HTTPS connection, all handshaking necessary for establishing the secure connection happens before any HTTP headers are transmitted. This is why secure sites can't share IP addresses the way non-secure sites can -- the web server must make a decision as to which secure certificate to use on the connection before it ever receives the "Host:" HTTP/1.1 header.


How was the session key stored on the client? If it was stored in a cookie, then that cookie can be configured so that it requires a secure connection to be transmitted back to the server. (See
Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
Thanks, that was just the response I was hoping for.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

donald lepariku
  • Locked
  • Question
Error: 694, Severity: 24, State: 10 An attempt was made to read logical page '153', virtpage '616' f 1
Replies
3
Views
194
spamjim
spamjim
bhuv560
  • Locked
  • Question
Postfix Installation on EC2 AWS Linux
Replies
0
Views
86
bhuv560
bhuv560
hobbytech
  • Locked
  • Question
Internet not connecting
Replies
5
Views
177
Stephen_Hawk
Stephen_Hawk
KannaChan
  • Locked
  • Question
TLS1.2 and TLS1.0 proxy in same Virtualhost
Replies
1
Views
112
ChrisHirst
ChrisHirst
kevinds
  • Locked
  • Question
Help With Per File/Folder Restriction Based on HTTPS Client Certificate's CN
Replies
0
Views
69
kevinds
kevinds

Part and Inventory Search

Sponsor

Back
Top