I'm using AJAX to get a resource from a server that uses SSL/TLS protocols. I have to make sure that the AJAX call uses TLS. How can I do that? Is setting https:// in the URL enough?
Here is an exampe:
var urlServizi = 'https://........'
var soapMessage =
'<?xml version="1.0" encoding="utf-8"?>\
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">\
<soap:Body>\
<Login xmlns="http://tempuri.org/">\
<UserName>AAA</UserName>\
<Password>BBB</Password>\
<lingua>en</lingua>\
</Login>\
</soap:Body>\
</soap:Envelope>';
$.ajax({
url: urlServizi,
type: "POST",
async: true,
dataType: "text",
data: soapMessage,
contentType: "text/xml; charset=utf-8",
success: functionOK,
error: functionKO
});
If you're asking how to make the request over HTTPS instead of HTTP then yes, you're right.
If you're asking how to force TLS instead of something like SSL3 (in order to avoid the POODLE vulnerability for example) then you can't in Javascript code. The browser / user-agent has to be configured to use TLS when establishing secure connections. Using HTTPS in the URL is the right way to start, but you aren't necessarily guaranteed to use TLS by just doing that. Only if your user-agent is configured to do so.