added web

1 files changed, 201 insertions, 0 deletions

diff --git a/manual/html_node/Separate-ports.html b/manual/html_node/Separate-ports.html
new file mode 100644
index 0000000000..f0b8ba7b5c
--- /dev/null
+++ b/manual/html_node/Separate-ports.html
@@ -0,0 +1,201 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<!-- This manual is last updated 17 November 2012 for version
+3.1.5 of GnuTLS.
+
+Copyright (C) 2001-2012 Free Software Foundation, Inc.
+
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License, Version 1.3 or
+any later version published by the Free Software Foundation; with no
+Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.  A
+copy of the license is included in the section entitled "GNU Free
+Documentation License". -->
+<!-- Created by GNU Texinfo 4.13.90, http://www.gnu.org/software/texinfo/ -->
+<head>
+<title>GnuTLS 3.1.5: Separate ports</title>
+
+<meta name="description" content="GnuTLS 3.1.5: Separate ports">
+<meta name="keywords" content="GnuTLS 3.1.5: Separate ports">
+<meta name="resource-type" content="document">
+<meta name="distribution" content="global">
+<meta name="Generator" content="makeinfo">
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link href="index.html#Top" rel="start" title="Top">
+<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index">
+<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
+<link href="How-to-use-TLS-in-application-protocols.html#How-to-use-TLS-in-application-protocols" rel="up" title="How to use TLS in application protocols">
+<link href="Upward-negotiation.html#Upward-negotiation" rel="next" title="Upward negotiation">
+<link href="How-to-use-TLS-in-application-protocols.html#How-to-use-TLS-in-application-protocols" rel="previous" title="How to use TLS in application protocols">
+<style type="text/css">
+<!--
+a.summary-letter {text-decoration: none}
+blockquote.smallquotation {font-size: smaller}
+div.display {margin-left: 3.2em}
+div.example {margin-left: 3.2em}
+div.indentedblock {margin-left: 3.2em}
+div.lisp {margin-left: 3.2em}
+div.smalldisplay {margin-left: 3.2em}
+div.smallexample {margin-left: 3.2em}
+div.smallindentedblock {margin-left: 3.2em; font-size: smaller}
+div.smalllisp {margin-left: 3.2em}
+kbd {font-style:oblique}
+pre.display {font-family: inherit}
+pre.format {font-family: inherit}
+pre.menu-comment {font-family: serif}
+pre.menu-preformatted {font-family: serif}
+pre.smalldisplay {font-family: inherit; font-size: smaller}
+pre.smallexample {font-size: smaller}
+pre.smallformat {font-family: inherit; font-size: smaller}
+pre.smalllisp {font-size: smaller}
+span.nocodebreak {white-space:nowrap}
+span.nolinebreak {white-space:nowrap}
+span.roman {font-family:serif; font-weight:normal}
+span.sansserif {font-family:sans-serif; font-weight:normal}
+ul.no-bullet {list-style: none}
+body { 
+	margin: 2%;
+	padding: 0 5%;
+	background: #ffffff;
+}
+h1,h2,h3,h4,h5 {
+    font-weight: bold;
+    padding: 5px 5px 5px 5px;
+    background-color: #c2e0ff;
+    color: #336699;
+}
+h1 {
+    padding: 2em 2em 2em 5%;
+    color: white;
+    background: #336699;
+    text-align: center;
+    letter-spacing: 3px;
+}
+h2 { text-decoration: underline; }
+pre {
+  margin: 0 5%;
+  padding: 0.5em;
+}
+pre.example,pre.verbatim {
+  padding-bottom: 1em;
+
+  border: solid #c2e0ff;
+  background: #f0faff;
+  border-width: 1px 1px 1px 5px;
+  margin: 1em auto;
+  width: 90%;
+}
+
+div.node {
+  margin: 0 -5% 0 -2%;
+  padding: 0.5em 0.5em;
+  margin-top: 0.5em;
+  margin-bottom: 0.5em;
+  font-weight: bold;
+}
+dd, li {
+  padding-top: 0.1em;
+  padding-bottom: 0.1em;
+}
+div.float {
+
+  margin-bottom: 0.5em;
+  text-align: center;
+}
+
+table {
+  text-align: left;
+  margin-left:auto;
+  margin-right:auto;
+  width: 50%;
+}
+
+th {
+  padding: 0;
+  color: #336699;
+  background-color: #c2e0ff;
+  border: solid #000000;
+  border-width: 0px;
+  margin: 1em auto;
+  text-align: center;
+  margin-left:auto;
+  margin-right:auto;
+}
+
+td {
+  padding: 0;
+  border: solid #000000;
+  background-color: #f0faff;
+  border-width: 0px;
+  margin: 1em auto;
+  text-align: left;
+  margin-left:auto;
+  margin-right:auto;
+  padding-left: 1em;
+}
+
+dl {
+  text-align: left;
+  margin-left:auto;
+  margin-right:auto;
+  width: 50%;
+
+  padding-left: 1em;
+  border: solid #c2e0ff;
+  background: #f0faff;
+  border-width: 5px 1px 1px 1px;
+  margin: 1em auto;
+}
+
+-->
+</style>
+
+
+</head>
+
+<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
+<a name="Separate-ports"></a>
+<div class="header">
+<p>
+Next: <a href="Upward-negotiation.html#Upward-negotiation" accesskey="n" rel="next">Upward negotiation</a>, Up: <a href="How-to-use-TLS-in-application-protocols.html#How-to-use-TLS-in-application-protocols" accesskey="u" rel="up">How to use TLS in application protocols</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
+</div>
+<hr>
+<a name="Separate-ports-1"></a>
+<h4 class="subsection">3.7.1 Separate ports</h4>
+
+<p>Traditionally <acronym>SSL</acronym> was used in application protocols by
+assigning a new port number for the secure services. That way two
+separate ports were assigned, one for the non secure sessions, and one
+for the secured ones. This has the benefit that if a user requests a
+secure session then the client will try to connect to the secure port
+and fail otherwise. The only possible attack with this method is a
+denial of service one. The most famous example of this method is the
+famous &ldquo;HTTP over TLS&rdquo; or <acronym>HTTPS</acronym> protocol [<em>RFC2818</em>].
+</p>
+<p>Despite its wide use, this method is not as good as it seems.  This
+approach starts the <acronym>TLS</acronym> Handshake procedure just after the
+client connects on the &mdash;so called&mdash; secure port.  That way the
+<acronym>TLS</acronym> protocol does not know anything about the client, and
+popular methods like the host advertising in HTTP do not
+work<a name="DOCF6" href="#FOOT6"><sup>6</sup></a>.  There is no way for the client to say &ldquo;I
+connected to YYY server&rdquo; before the Handshake starts, so the server
+cannot possibly know which certificate to use.
+</p>
+<p>Other than that it requires two separate ports to run a single
+service, which is unnecessary complication. Due to the fact that there
+is a limitation on the available privileged ports, this approach was
+soon obsoleted.
+</p>
+<div class="footnote">
+<hr>
+<h4 class="footnotes-heading">Footnotes</h4>
+
+<h3><a name="FOOT6" href="#DOCF6">(6)</a></h3>
+<p>See also the Server Name Indication extension on
+<a href="Server-name-indication.html#serverind">serverind</a>.</p>
+</div>
+
+
+
+</body>
+</html>