httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: [Bug 58437] mod_h2: h2c doesn't work using upgrade from http 1.1
Date Wed, 30 Sep 2015 11:56:50 GMT
On a correct installation, you should see

    * Connected to greenbytes.de (217.91.35.233) port 443 (#0)
--> * ALPN, offering h2
--> * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH

in the curl output, followed by a 

    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
--> * ALPN, server accepted to use h2
    * Server certificate:

and if the server does not talk ALPN, you see

--> * ALPN, server did not agree to a protocol

So, your curl is not what it should be. Please take this to the curl mailing list. If curl
outputs the correct debug information and you still see no h2 negotiated, lets continue here.

//Stefan

> Am 30.09.2015 um 13:40 schrieb bugzilla@apache.org:
> 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=58437
> 
> --- Comment #22 from Javier Gusano Martinez <javier.gusano@hpe.com> ---
> (In reply to Yann Ylavic from comment #19)
>> Capital 'V' is for Version.
>> Your system's curl is probably compiled with your (now removed) system's
>> openssl.
> 
> Now it looks that cURL is using right version of Openssl 1.0.2:
> 
> $ curl -V
> curl 7.44.0 (x86_64-unknown-linux-gnu) libcurl/7.44.0 OpenSSL/1.0.2d zlib/1.2.8
> nghttp2/1.3.2
> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb
> smbs smtp smtps telnet tftp
> Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets
> 
> 
> But Apache continues without http2 suport when I use https://
> 
> 
> curl -v --http2 https://localhost:443
> * Rebuilt URL to: https://localhost:443/
> *   Trying 127.0.0.1...
> * Connected to localhost (127.0.0.1) port 443 (#0)
> * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> * successfully set certificate verify locations:
> *   CAfile: /etc/ssl/certs/ca-certificates.crt
>  CApath: none
> * TLSv1.2 (OUT), TLS Unknown, Certificate Status (22):
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> * TLSv1.2 (IN), TLS handshake, Server finished (14):
> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
> * TLSv1.2 (OUT), TLS handshake, Finished (20):
> * TLSv1.2 (IN), TLS change cipher, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Finished (20):
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
> * Server certificate:
> *        subject: C=ES; ST=Madrid; L=Madrid; O=Telefonica Investigacion y
> Desarrollo; CN=*.bluevia.com
> *        start date: 2014-10-06 00:00:00 GMT
> *        expire date: 2016-01-05 23:59:59 GMT
> *        subjectAltName does not match localhost
> * SSL: no alternative certificate subject name matches target host name
> 'localhost'
> * Closing connection 0
> * TLSv1.2 (OUT), TLS alert, Client hello (1):
> curl: (51) SSL: no alternative certificate subject name matches target host
> name 'localhost'
> 
> 
> Some idea about what's happening here? :S
> 
> -- 
> You are receiving this mail because:
> You are the assignee for the bug.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
> For additional commands, e-mail: bugs-help@httpd.apache.org
> 

<green/>bytes GmbH
Hafenweg 16, 48155 Münster, Germany
Phone: +49 251 2807760. Amtsgericht Münster: HRB5782




---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message