httpd-dev mailing list archives

From Yann Ylavic <ylavic....@gmail.com>
Subject Re: ALPN patch comments
Date Thu, 04 Jun 2015 12:52:14 GMT
On Thu, Jun 4, 2015 at 2:39 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:
> On Thu, Jun 4, 2015 at 2:30 PM, Eric Covener <covener@gmail.com> wrote:
>>
>>
>> On Thu, Jun 4, 2015 at 8:08 AM Yann Ylavic <ylavic.dev@gmail.com> wrote:
>>>
>>> I think what makes the thing a bit awkward is that the
>>> negotiable/preferred ALPN identifiers (protocols) are configurable in
>>> both httpd (SSLAlpnPreference) and mod_h2 (hard coded).
>>> The former is only a hint while the latter is the real proposal to the
>>> client (with the fall back to "http/1.1").
>>>
>>> Maybe it would be cleaner to let the modules register the ALPN
>>> identifiers (at configure time, with another optional function), and
>>> get rid of SSLAlpnPreference on mod_ssl side.
>>> If no identifier is registered, mod_ssl won't register the ALPN
>>> callback either, so that httpd continues to work without ALPN when not
>>> needed.
>>>
>> I think we need SSLAlpnPreference any time modules register ALPN protocols,
>> otherwise the admin has no control over which is negotiated.  I don't think
>> we should rip it out.
>
> OK, so it should probably be renamed SSLAlpnIDs or similar, and be
> more than just a hint when configured (i.e. refuse connection if no
> client ALPN ID matches).

I meant fall back to "http/1.1" still, not refuse the connection.
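
The selection behaviour this thread converges on (a server-side ordered list of ALPN IDs that wins over the client's order, with a fall back to "http/1.1" when nothing matches), as an added example that is not part of the original message and is not mod_ssl or mod_h2 code. The names `alpn_select`, `alpn_offer_contains`, `PREFS` and `OFFER` are hypothetical, and the client offer is assumed to be in the RFC 7301 length-prefixed list format.

```c
#include <stdio.h>
#include <string.h>

#define ALPN_FALLBACK "http/1.1"

/* Returns 1 if the wire-format offer (1-byte length + name, repeated)
 * contains proto, 0 if it does not, -1 if the list is malformed. */
static int alpn_offer_contains(const unsigned char *in, size_t inlen,
                               const char *proto)
{
    size_t plen = strlen(proto), i = 0;
    int found = 0;

    if (inlen == 0)
        return -1;
    while (i < inlen) {
        size_t len = in[i++];
        if (len == 0 || len > inlen - i)
            return -1;   /* empty name, or length runs past the buffer */
        if (len == plen && memcmp(in + i, proto, plen) == 0)
            found = 1;   /* keep scanning so the whole list is validated */
        i += len;
    }
    return found;
}

/* Hypothetical selection: walk the configured preference list in order and
 * return the first ID the client offered. With no match the result is
 * "http/1.1" rather than a refused connection. NULL means malformed offer. */
const char *alpn_select(const char *const *prefs, size_t nprefs,
                        const unsigned char *in, size_t inlen)
{
    size_t k;

    if (alpn_offer_contains(in, inlen, ALPN_FALLBACK) < 0)
        return NULL;
    for (k = 0; k < nprefs; k++)
        if (alpn_offer_contains(in, inlen, prefs[k]) > 0)
            return prefs[k];
    return ALPN_FALLBACK;
}

/* Constructed sample data: server prefers h2, client lists http/1.1 first. */
static const char *const PREFS[] = { "h2", "http/1.1" };
static const unsigned char OFFER[] = "\x08http/1.1\x02h2";

int main(void)
{
    printf("%s\n", alpn_select(PREFS, 2, OFFER, sizeof OFFER - 1));
    return 0;
}
```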
