server: Bad UX if you try connecting to an insecure server over HTTPS

[a-robinson]

If a server is running in insecure mode, its admin UI is exposed as an HTTP endpoint, not HTTPS. That's great, but what isn't great is what happens if you try to access such a server's admin UI (or debug pages) over HTTPS (as shown below).

Would it be possible for us to return an HTTP 308 redirect like we do when you try to access a secure server over HTTP?

On Ubuntu:

$ curl -k https://localhost:8080
curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received.

On OS X:

$ curl -k https://localhost:8080
curl: (35) Unknown SSL protocol error in connection to localhost:-9847

Via Chrome:

[tamird]

We would need to use certificates to service that redirect, I think. Which certificate would you use?

…

On Thu, Jan 19, 2017 at 3:11 PM, Alex Robinson ***@***.***> wrote: If a server is running in insecure mode, its admin UI is exposed as an HTTP endpoint, not HTTPS. That's great, but what isn't great is what happens if you try to access such a server's admin UI (or debug pages) over HTTPS (as shown below). Would it be possible for us to return an HTTP 308 redirect like we do when you try to access a secure server over HTTP? On Ubuntu: $ curl -k https://localhost:8080 curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received. On OS X: $ curl -k https://localhost:8080 curl: (35) Unknown SSL protocol error in connection to localhost:-9847 Via Chrome: [image: screen shot 2017-01-19 at 12 01 06 pm] <https://cloud.githubusercontent.com/assets/7085343/22123047/03226556-de3f-11e6-8e1c-4519a287104e.png> — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#13008>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABdsPJLyXw4CgQU1jyT28Umc_I1pyK9yks5rT8ONgaJpZM4LojMl> .

[bdarnell]

We could generate some hard-coded self-signed certificate for this purpose, but even then you're going to have to click through the certificate warning screen before you could get the redirect. I don't think it's worth it; better to invest our energy in discouraging insecure use in the first place.

[a-robinson]

A garbage certificate, I suppose, since anyone trying to connect over HTTPS presumably isn't planning on doing cert verification anyways.

I don't think this is urgent by any means, but it is a bit of a rough edge, particularly since the error messages don't give the best search results.

[knz]

We're de-emphasizing the "insecure mode" and there's now a native non-TLS option for the HTTP port in secure clusters. Closing.