httpd-dev mailing list archives

From Yann Ylavic <ylavic....@gmail.com>
Subject Re: svn commit: r1695727 - in /httpd/httpd/trunk: docs/manual/mod/core.xml include/http_core.h server/core.c server/protocol.c
Date Wed, 02 Sep 2015 16:20:16 GMT
On Thu, Aug 13, 2015 at 5:33 PM,  <icing@apache.org> wrote:
> Author: icing
> Date: Thu Aug 13 15:33:07 2015
> New Revision: 1695727
>
> URL: http://svn.apache.org/r1695727
> Log:
> new directive ProtocolsHonorOrder, added documentation for Protocols feature, changed preference selection and config merging
>
> Modified:
>     httpd/httpd/trunk/docs/manual/mod/core.xml
[]
>
> Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1695727&r1=1695726&r2=1695727&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/core.xml (original)
> +++ httpd/httpd/trunk/docs/manual/mod/core.xml Thu Aug 13 15:33:07 2015
> @@ -3711,6 +3711,71 @@ Protocol https
>
>
>  <directivesynopsis>
> +    <name>Protocols</name>
> +    <description>Protocols available for a server/virtual host</description>
> +    <syntax>Protocols <var>protocol</var> ...</syntax>
> +    <contextlist><context>server config</context><context>virtual
host</context></contextlist>
> +    <compatibility>Only available from Apache 2.4.17 and later.</compatibility>
> +
> +    <usage>
> +        <p>This directive specifies the list of protocols supported for a
> +            server/virtual host. The list determines the allowed protocols
> +            a client may negotiate for this server/host.</p>
> +
> +        <p>You only need to set protocols if you want to limit the available
> +            protocols for a server/host. By default, all supported protocols
> +            are available to a client.</p>
> +
> +        <p>For example, if you want to support only HTTP/1.1 for a server, even
> +            though HTTP/2 is available, just specify this protocol only:</p>
> +
> +        <highlight language="config">
> +            Protocols http/1.1
> +        </highlight>
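
Review bot: the Protocols synopsis goes from `<syntax>` straight to `<contextlist>` and `<compatibility>` with no `<default>` element, although the usage text states that "By default, all supported protocols are available to a client". Add a `<default>` entry and name the accepted protocol tokens in the usage text (only `http/1.1` appears, in the example), so an administrator can tell what a virtual host will negotiate when the directive is absent.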

It is not clear to me (still, see [1]) why Protocols would default
like this, and h2 be available for all the vhosts (provided mod_http2
is loaded) unless the above is configured.
IOW, I'd prefer "Protocols http/1.1" to be the default (at least for 2.4.x).

Also, since "http/1.1" is implicit, and ssl_callback_alpn_select() is
unconditionally registered, we can end up negotiating proposing
"http/1.1" with the client even if it was not asked (and using ALPN
extensions when not needed).
Couldn't we instead either not register the callback or return
SSL_TLSEXT_ERR_NOACK when no protocol is selected (including when no
Protocols is configured)?

I think POLS suggests that...

[]
> +</directivesynopsis>
> +
> +
> +<directivesynopsis>
> +    <name>ProtocolsHonorOrder</name>
> +    <description>Protocols available for a server/virtual host</description>
> +    <syntax>ProtocolsHonorOrder On|Off</syntax>
> +    <default>ProtocolsHonorOrder Off</default>
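
Review bot: the `<description>` of ProtocolsHonorOrder is a verbatim copy of the Protocols one ("Protocols available for a server/virtual host") and does not describe an On|Off switch. Replace it with a one-line statement of what On and Off select, so the generated directive index does not list two directives with the same description.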

Again here I'd suggest "On" by default (eg. SSLHonorCipherOrder is
quite recommended today, if that's a valid analogy).

[]
> +</directivesynopsis>

Regards,
Yann.

[1] http://www.mail-archive.com/dev%40httpd.apache.org/msg62160.html
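
The selection behaviour the reply asks for (no ALPN answer when no Protocols list is configured or nothing matches), as an added example that is not part of the original message and is not httpd's code. `alpn_select`, the `ALPN_*` constants and the sample offer are hypothetical, and the example assumes ProtocolsHonorOrder On means the server's list order decides while Off means the client's offer order decides.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for OpenSSL's SSL_TLSEXT_ERR_OK / SSL_TLSEXT_ERR_NOACK. */
enum { ALPN_OK = 0, ALPN_NOACK = 3 };

/* Constructed client offer in ALPN wire format: <len>"h2" <len>"http/1.1". */
static const unsigned char OFFER[] = "\x02h2\x08http/1.1";

/* cfg/ncfg: configured Protocols list (empty when the directive is absent).
 * honor_order: assumed semantics, 1 = server list order decides,
 * 0 = client offer order decides. *out is NULL when nothing is selected. */
int alpn_select(const unsigned char *in, size_t inlen,
                const char *const *cfg, size_t ncfg,
                int honor_order, const char **out)
{
    size_t off = 0, best = ncfg;

    *out = NULL;
    if (ncfg == 0)
        return ALPN_NOACK;               /* nothing configured: stay silent */
    while (off < inlen) {
        size_t len = in[off], i;
        if (len == 0 || len > inlen - off - 1)
            return ALPN_NOACK;           /* malformed entry: select nothing */
        for (i = 0; i < ncfg; i++) {
            if (strlen(cfg[i]) != len || memcmp(cfg[i], in + off + 1, len))
                continue;
            if (!honor_order) {          /* first client choice we allow */
                *out = cfg[i];
                return ALPN_OK;
            }
            if (i < best)
                best = i;                /* earliest entry in server list */
        }
        off += 1 + len;
    }
    if (best == ncfg)
        return ALPN_NOACK;               /* no overlap with the offer */
    *out = cfg[best];
    return ALPN_OK;
}

int main(void)
{
    const char *cfg[] = { "http/1.1", "h2" }, *sel;
    int rc = alpn_select(OFFER, sizeof(OFFER) - 1, cfg, 2, 1, &sel);
    printf("rc=%d selected=%s\n", rc, sel ? sel : "(none)");
    return 0;
}
```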
