Upgrading to TLS Within HTTP/1.1

This memo explains how to use the Upgrade mechanism in HTTP/1.1 to initiate Transport Layer Security (TLS) over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the same well known port (in this case, http: at 80 rather than https: at 443). It also enables "virtual hosting", so a single HTTP + TLS server can disambiguate traffic intended for several hostnames at a single IP address. Since HTTP/1.1 [1] defines Upgrade as a hop-by-hop mechanism, this memo also documents the HTTP CONNECT method for establishing end-toend tunnels across HTTP proxies. Finally, this memo establishes new IANA registries for public HTTP status codes, as well as public or private Upgrade product tokens. This memo does NOT affect the current definition of the ’https’ URI scheme, which already defines a separate namespace (http://example.org/ and https://example.org/ are not equivalent). Khare & Lawrence Standards Track [Page 1] RFC2817 RFC.net Page 2 of 14 RFC 2817 HTTP Upgrade to TLS May 2000 Table of