From owner-freebsd-questions@FreeBSD.ORG Tue Oct 27 03:40:19 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 43E8C1065694 for ; Tue, 27 Oct 2009 03:40:19 +0000 (UTC) (envelope-from freebsd-questions@m.gmane.org) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by mx1.freebsd.org (Postfix) with ESMTP id C7ED88FC17 for ; Tue, 27 Oct 2009 03:40:18 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.50) id 1N2cuu-0006BJ-7k for freebsd-questions@freebsd.org; Tue, 27 Oct 2009 04:40:16 +0100 Received: from pool-70-21-24-213.res.east.verizon.net ([70.21.24.213]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 27 Oct 2009 04:40:16 +0100 Received: from nightrecon by pool-70-21-24-213.res.east.verizon.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 27 Oct 2009 04:40:16 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Michael Powell Followup-To: gmane.os.freebsd.questions Date: Mon, 26 Oct 2009 23:40:48 -0400 Lines: 66 Message-ID: References: <4AE65E25.2050701@ibctech.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7Bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: pool-70-21-24-213.res.east.verizon.net Sender: news Subject: Re: howto use https in favour of http X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 03:40:19 -0000 Steve Bertrand wrote: > Alexander Best wrote: >> Olivier Nicole schrieb am 2009-10-27: >>> Hi, >> >>>> i've added the following line to my /etc/hosts: >> >>>> permail.uni-muenster.de:25 permail.uni-muenster.de:443 >> >>>> so what i want is for freebsd to never use http, but https for that >>>> address. >>>> unfortunately hosts doesn't seem to support this syntax. >> [snip] >> >> i'm not using a webserver or anything. i'm just a regular user. the point >> is: i often forget to specify https://... for that specific address in >> apps like lynx or firefox. that's why the non-ssl version of that site is >> being loaded. i'd like freebsd to take care of this so even if the app is >> trying to access the non-ssl version it should in fact be redirected to >> the ssl version by freebsd. > > I thought that this is what you were originally after. > > FreeBSD, in itself, can't do this... much like Mac OS or Windows can't > do this. > > Most applications such as Firefox can't even do this (inherently). > > If you are trying to enforce this as a personal/company policy, you will > need to write a 'wrapper' around your application (lynx/firefox) to do > this. > > Note that your example was :25->:443, which implied SMTP over SSL... > > Nonetheless, FreeBSD can't make these decisions inherently (thankfully). > > Steve I think the OP does not have a clear grasp on how the various protocols operate. Evidenced by confusing http with mail services. Yes, I know there is 'web mail', but even web based mail is still a web server. It is up to the server operator to configure the services on the server end of things. Whether its SMTP with SSL/TLS, HTTP/HTTPS, pop3 or imap with SSL, etc., all of these things are made to work at the server end. True enough a client may need to be configured to talk on port 995 for pop3/SSL or port 993 for IMAP/SSL but for the web a client shouldn't need to do anything. The web server operator configures which locations in his URI space should be served up on port 443, and the client's browser should automatically switch to HTTPS based upon this. The OP doesn't seem to understand that he doesn't need to make this happen on his end, at least as far as HTTP/HTTPS goes. If he is actually trying to configure a mail client to talk TLS or SSL to an SMTP server, then he needs to tell the email client software this. E.g., "This connection requires encryption" and whether it is SSL or TLS. Mail servers on port 25 do not use HTTP or HTTPS, but rather SMTP. So it seems as if he is just very confused. -Mike