Return-Path: X-Original-To: apmail-httpd-bugs-archive@www.apache.org Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5962117B1C for ; Wed, 30 Sep 2015 11:57:17 +0000 (UTC) Received: (qmail 59574 invoked by uid 500); 30 Sep 2015 11:57:11 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 59526 invoked by uid 500); 30 Sep 2015 11:57:10 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 59516 invoked by uid 99); 30 Sep 2015 11:57:10 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Sep 2015 11:57:10 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 6E90B1A3539 for ; Wed, 30 Sep 2015 11:57:10 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.001 X-Spam-Level: X-Spam-Status: No, score=0.001 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id zk9ZQAZiXp98 for ; Wed, 30 Sep 2015 11:56:59 +0000 (UTC) Received: from mail.greenbytes.de (mail.greenbytes.de [217.91.35.233]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with ESMTPS id 577DD439B3 for ; Wed, 30 Sep 2015 11:56:59 +0000 (UTC) Received: from delight.greenbytes.de (unknown [5.10.171.186]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail.greenbytes.de (Postfix) with ESMTPSA id 53DCE15A03B9 for ; Wed, 30 Sep 2015 13:56:51 +0200 (CEST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) Subject: Re: [Bug 58437] mod_h2: h2c doesn't work using upgrade from http 1.1 From: Stefan Eissing In-Reply-To: Date: Wed, 30 Sep 2015 13:56:50 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: References: To: Apache HTTPD Bugs Notification List X-Mailer: Apple Mail (2.2104) On a correct installation, you should see * Connected to greenbytes.de (217.91.35.233) port 443 (#0) --> * ALPN, offering h2 --> * ALPN, offering http/1.1 * Cipher selection: = ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH in the curl output, followed by a=20 * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 --> * ALPN, server accepted to use h2 * Server certificate: and if the server does not talk ALPN, you see --> * ALPN, server did not agree to a protocol So, your curl is not what it should be. Please take this to the curl = mailing list. If curl outputs the correct debug information and you = still see no h2 negotiated, lets continue here. //Stefan > Am 30.09.2015 um 13:40 schrieb bugzilla@apache.org: >=20 > https://bz.apache.org/bugzilla/show_bug.cgi?id=3D58437 >=20 > --- Comment #22 from Javier Gusano Martinez = --- > (In reply to Yann Ylavic from comment #19) >> Capital 'V' is for Version. >> Your system's curl is probably compiled with your (now removed) = system's >> openssl. >=20 > Now it looks that cURL is using right version of Openssl 1.0.2: >=20 > $ curl -V > curl 7.44.0 (x86_64-unknown-linux-gnu) libcurl/7.44.0 OpenSSL/1.0.2d = zlib/1.2.8 > nghttp2/1.3.2 > Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s = rtsp smb > smbs smtp smtps telnet tftp > Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 = UnixSockets >=20 >=20 > But Apache continues without http2 suport when I use https:// >=20 >=20 > curl -v --http2 https://localhost:443 > * Rebuilt URL to: https://localhost:443/ > * Trying 127.0.0.1... > * Connected to localhost (127.0.0.1) port 443 (#0) > * Cipher selection: = ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH > * successfully set certificate verify locations: > * CAfile: /etc/ssl/certs/ca-certificates.crt > CApath: none > * TLSv1.2 (OUT), TLS Unknown, Certificate Status (22): > * TLSv1.2 (OUT), TLS handshake, Client hello (1): > * TLSv1.2 (IN), TLS handshake, Server hello (2): > * TLSv1.2 (IN), TLS handshake, Certificate (11): > * TLSv1.2 (IN), TLS handshake, Server key exchange (12): > * TLSv1.2 (IN), TLS handshake, Server finished (14): > * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): > * TLSv1.2 (OUT), TLS change cipher, Client hello (1): > * TLSv1.2 (OUT), TLS handshake, Finished (20): > * TLSv1.2 (IN), TLS change cipher, Client hello (1): > * TLSv1.2 (IN), TLS handshake, Finished (20): > * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 > * Server certificate: > * subject: C=3DES; ST=3DMadrid; L=3DMadrid; O=3DTelefonica = Investigacion y > Desarrollo; CN=3D*.bluevia.com > * start date: 2014-10-06 00:00:00 GMT > * expire date: 2016-01-05 23:59:59 GMT > * subjectAltName does not match localhost > * SSL: no alternative certificate subject name matches target host = name > 'localhost' > * Closing connection 0 > * TLSv1.2 (OUT), TLS alert, Client hello (1): > curl: (51) SSL: no alternative certificate subject name matches target = host > name 'localhost' >=20 >=20 > Some idea about what's happening here? :S >=20 > --=20 > You are receiving this mail because: > You are the assignee for the bug. >=20 > --------------------------------------------------------------------- > To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org > For additional commands, e-mail: bugs-help@httpd.apache.org >=20 bytes GmbH Hafenweg 16, 48155 M=C3=BCnster, Germany Phone: +49 251 2807760. Amtsgericht M=C3=BCnster: HRB5782 --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org