Using StartTLS with HTTP connections

While catching up with some news groups today, I came across RFC 2817. This RFC describes HTTP protocol extensions to allow a client and server to initiate a TLS session over an existing connection. This has numerous benefits, and could definitely speed up web-based commerce (e.g., a dedicated secure connection is not required, slow start is avoided, etc.) . Now if only the browser developers would implement this! :)

1 thought on “Using StartTLS with HTTP connections”

  1. If only they would have used the seemingly de facto standard “StartTLS” keyword and not the new and ambiguous “Upgrade” keyword…

Leave a Reply

Your email address will not be published. Required fields are marked *