httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: ALPN patch comments
Date Thu, 04 Jun 2015 12:39:56 GMT
On Thu, Jun 4, 2015 at 2:30 PM, Eric Covener <covener@gmail.com> wrote:
>
>
> On Thu, Jun 4, 2015 at 8:08 AM Yann Ylavic <ylavic.dev@gmail.com> wrote:
>>
>> I think what makes the thing a bit awkward is that the
>> negotiable/preferred ALNP identifiers (protocols) is configurable in
>> both httpd (SSLAlpnPreference) and mod_h2 (hard coded).
>> The former is only a hint while the latter is the real proposal to the
>> client (with the fall back to "http/1.1").
>>
>> Maybe it would be cleaner to let the modules register the ALPN
>> identifiers (at configure time, with another optional function), and
>> get rid of SSLAlpnPreference on mod_ssl side.
>> If no identifier is registered, mod_ssl won't register the ALPN
>> callback either, so that httpd continues to work without ALPN when not
>> needed.
>>
> I think we need SSLAlpnPreference any time modules register ALPN protocols,
> otherwise the admin has no control over whih is negotiated.  I don't think
> we should rip it out.

OK, so it should probably be renammed SSLAlpnIDs or similar, and be
more than just a hint when configured (i.e. refuse connection if no
client ALPN ID matches).
Modules could then, the other way around, retrieve that list with an
optional fn, and do nothing if none matches their aptitude...

Mime
View raw message