There is an external server posting data back to my server that is coming from an https address. The address it is posting to on my end is an http (no SSL) address. How does SSL encryption work between servers? Will this data be encrypted between the external server and my server, or does there need to be SSL on both ends to have the data be encrypted? Or does SSL just need to exist on the receiving end for data to be encrypted between servers?
A:
I'm not sure what you mean by data that "is coming from an https address". Do you mean that the page containing the form was served through https? This makes no difference.
If the URI that the remote server is posting to starts with https, then it will be encrypted. From what I understand from your post, that URI starts with http; hence, the POST data will not be encrypted.
(Small print: Unless your server is configured in a really weird way, and the other side is okay with that.)
Thomas
2009-09-30 14:49:03
A:
Posting is only encrypted in the context of an HTTPS session. If the external server is sending this request to your server in an plain http session, the data will NOT be encrypted.
mjv
2009-09-30 14:50:49