httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: svn commit: r1695727 - in /httpd/httpd/trunk: docs/manual/mod/core.xml include/http_core.h server/core.c server/protocol.c
Date Thu, 03 Sep 2015 12:47:07 GMT
Added in r1701005.

> Am 03.09.2015 um 11:49 schrieb Yann Ylavic <ylavic.dev@gmail.com>:
> 
> On Wed, Sep 2, 2015 at 7:54 PM, Stefan Eissing
> <stefan.eissing@greenbytes.de> wrote:
>> If we want to be more safe, we can change the Protocols default to just http/1.1.
Also the default for ordering we can change, np.
>> 
>> Other opinions?
> 
> Thanks, LGTM (though I like the idea of ap_select_protocol() returning
> a different value whether the client proposed "http/1.1" or not -
> NULL?) .
> 
>> 
>> For ALPN, afaik the callback only gets triggered if the client actually sends ALPN
in its hello. Since "http/1.1" is the only identifier defined in the standard (for http version
< 2), we cannot send any 1.0 or 0.9. And if the client does, it's an unidentified thing.
ALPN says that the server is free to select even a protocol not mentioned in the client hello.
So sending back "http/1.1" in case server/client wishes do not overlap is fine too. Either
the client reconsiders or closes the connection.
> 
> Doesn't the server have the (optional) ability to enforce Protocols
> (close/alert by itself)?
> 
>> 
>> Legacy clients will not send ALPN, so the whole handshake will work as before. (modulo
bugs)
> 
> Agreed.

<green/>bytes GmbH
Hafenweg 16, 48155 Münster, Germany
Phone: +49 251 2807760. Amtsgericht Münster: HRB5782




Mime
View raw message