Https in WAP environment

Https in WAP environment SearchSearch
Author Message
Murali Mohan.K
Posted on Tuesday, July 22, 2003 - 06:17 am:   

Hi,

I want to know how a "https" request can be used in wap 1.x environment.
Is it possible to send a https request without wtls layer with the browser stack?
I assume it may be possible to send a https request from a browser client (in this case there is no security for data till g/w) and g/w can use TLS/SSL with server. (This can be a case if the client really trusts the communication with g/w as secured).
My basic doubt is to know if its possible to use https from a browser without having wtls?

Also plz let me know how does https works in WAP1.x envoronment.

Thanx in advance
Murali
Bryce Norwood - NowSMS Support
Posted on Tuesday, July 22, 2003 - 04:35 pm:   

Murali,

Unfortunately it is WAP gateway dependent.

Some WAP gateways will only only make HTTPS connections if the client has connected with WTLS.

Some WAP gateways will make HTTPS connections, regardless of whether or not the client has connected with WTLS.

Some WAP gateways have configuration settings for whether or not HTTPS is allowed without WTLS.

Some WAP gateways don't support HTTPS, or only support them in special versions of the product.

I wish there were a clear concise answer, but you'll find that it varies, and there's not a good way to test without trying an HTTPS request.

-bn
Anonymous
Posted on Thursday, July 31, 2003 - 09:10 am:   

Hi.

As my understand based on WAP2.0. The WAP GW should not supprt the HTTPS. The security is based on the TLS.
Following is extracted from doc "WAP-229-http":
"
5.4.1. Establishing a Tunnel with CONNECT
The HTTP Server in the WAP Proxy MUST support the establishment of a Tunnel using the CONNECT method as
described in Section 5 of [RFC2817]. Once active in this role, the WAP Proxy is not considered a party to the HTTP
communication.
The HTTP Client in the WAP Terminal MUST support the establishment of a tunnel using the CONNECT method if
TLS is supported [WAPTLS].

Comet
Bryce Norwood - NowSMS Support
Posted on Thursday, July 31, 2003 - 04:12 pm:   

Comet,

Thanks for the input.

Just a bit of clarification. What you state is true when a WAP 2.0 client uses HTTP as its transport protocol.

A WAP 2.0 client can either use the Wireless Session Protocol (WAP WSP) v1.x, or it can use HTTP.

(It's a common misconception, but while a WAP 2.0 conformant client must support XHTML Basic at the presentation layer, it can support either of these transport protocols.)

In WSP, when encryption is used, WTLS is used from client to proxy (gateway), and TLS/SSL is used from proxy to content server. One of the problems with this architecture is that there is no way to tunnel TLS.

When a WAP 2.0 client uses HTTP and goes through a proxy, it uses the standard TLS/SSL tunneling procedure of an HTTP Proxy, as referenced in that spec. There is actually nothing WAP-specific about this approach, this is the same way that a conventional web browser, like Internet Explorer, makes a TLS/SSL connection through a proxy server.

-bn
Comete
Posted on Friday, August 01, 2003 - 06:44 am:   

Yes, totaly agree your point!!
BR/Comete