• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

https and http in the same port (tomcat)

 
alain martin
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have configurated my tomcat server.xml file to serve http in 8080 port and https in 8443 port.

I would like to server both in the same port (8080) is it possible in tomcat?

Thanks
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, nor can any other server do it. HTTP and HTTPS are different protocols; they can't be handled on the same port.
 
alain martin
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you sure? I think I saw websites with http and https in same port (80). And a friend tell me he did in apache server...
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am sure. You might ask your friend what exactly he did.
 
Dominique Laurent
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, actually you can: see http://www.ietf.org/rfc/rfc2817.txt

"The HTTP/1.1 Upgrade mechanism can apply TLS to an open HTTP connection"

E.g. a response such as

HTTP/1.1 426 Upgrade Required
 
Muhammad Hammad Ayaz
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You cannot set same ports for both http and https. You would have seen websites in which ports are not visible in case of http and https. It doesn't mean that those websites use the same ports. If, you set the port for http to 80 and https to 443. The ports won't be showed in URL. In case of ports other than 80 and 443, they will be shown in the URL.
 
Michael Kato
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you did this, how would you know if it was using https or http? You'd never know if the parts that were supposed to be secure were secure. The browser certainly wouldn't be able to tell and subsequently the user.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic