Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0B711109C2 for ; Fri, 16 Oct 2015 09:48:33 +0000 (UTC) Received: (qmail 16279 invoked by uid 500); 16 Oct 2015 09:48:29 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 16241 invoked by uid 500); 16 Oct 2015 09:48:29 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 16231 invoked by uid 99); 16 Oct 2015 09:48:29 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Oct 2015 09:48:29 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 9F53E1809A8 for ; Fri, 16 Oct 2015 09:48:28 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.01 X-Spam-Level: X-Spam-Status: No, score=-0.01 tagged_above=-999 required=6.31 tests=[SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id 4tOyCovbTWgR for ; Fri, 16 Oct 2015 09:48:18 +0000 (UTC) Received: from mail.greenbytes.de (mail.greenbytes.de [217.91.35.233]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with ESMTPS id 7D1EC439E9 for ; Fri, 16 Oct 2015 09:48:17 +0000 (UTC) Received: from [192.168.1.48] (unknown [87.78.174.25]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail.greenbytes.de (Postfix) with ESMTPSA id 6CAE915A047E for ; Fri, 16 Oct 2015 11:48:10 +0200 (CEST) From: Stefan Eissing Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: <415F7256-73F9-4458-8922-8E4A28892FF0@greenbytes.de> Date: Fri, 16 Oct 2015 11:48:09 +0200 To: users@httpd.apache.org Mime-Version: 1.0 (Mac OS X Mail 9.0 \(3094\)) X-Mailer: Apple Mail (2.3094) Subject: [users@httpd] mod_h2 protocols not working Chris, http://freebsd-admin.com does a 302 redirect to = https://freebsd-admin.com There is no connection upgrade happening on that. Can be argued that it = should. On the https side, I see: * Connected to freebsd-admin.com (78.46.185.201) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: =3D ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server accepted to use http/1.1 So ALPN is happening, but h2 is not selected. How did you configure = this? > Anfang der weitergeleiteten Nachricht: > =3D20 > Von: Chris > Datum: 16. Oktober 2015 um 11:22:57 MESZ > An: dev@httpd.apache.org > Betreff: Aw: mod_http2 protocols directive broken > =3D20 > Hi Stefan, here is the output of both checks. Note I will confirm also > curl is compiled with http2 support and will also show curl -V output. > =3D20 > Curl -V > "curl 7.45.0 (amd64-portbld-freebsd9.3) libcurl/7.45.0 OpenSSL/1.0.2d > zlib/1.2.8 libidn/1.31 nghttp2/1.3.4 > Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s > rtsp smb smbs smtp smtps telnet tftp > Features: AsynchDNS IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP > HTTP2 UnixSockets " > =3D20 > Curl http2 test > "# curl -v --http2 -v http://freebsd-admin.com/ > * Trying 2a01:4f8:201:5465::4... > * Connected to freebsd-admin.com (2a01:4f8:201:5465::4) port 80 (#0) >> GET / HTTP/1.1 >> Host: freebsd-admin.com >> User-Agent: curl/7.45.0 >> Accept: */* >> Connection: Upgrade, HTTP2-Settings >> Upgrade: h2c >> HTTP2-Settings: AAMAAABkAAQAAP__ >> =3D20 > < HTTP/1.1 302 Found > < Date: Fri, 16 Oct 2015 09:19:56 GMT > < Server: Apache > < X-Frame-Options: SAMEORIGIN > < X-Xss-Protection: 1; mode=3D3Dblock > < X-Content-Type-Options: nosniff > < Content-Security-Policy: default-src 'self'; script-src 'self' > 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src > 'self' https://*.freebsd-admin.com; img-src 'self' > https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self' > https://*.freebsd-admin.com; block-all-mixed-content; > < X-Content-Security-Policy: default-src 'self'; script-src 'self' > 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src > 'self' https://*.freebsd-admin.com; img-src 'self' > https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline' > https://*.freebsd-admin.com; block-all-mixed-content; > < Location: https://freebsd-admin.com/ > < Content-Length: 210 > < Content-Type: text/html; charset=3D3Diso-8859-1 > < > > > 302 Found > >

Found

>

The document has moved here.

> > * Connection #0 to host freebsd-admin.com left intact" > =3D20 > nghttp2 test > "# nghttp -uv http://freebsd-admin.com/ > [ 0.000] Connected > [ 0.000] HTTP Upgrade request > GET / HTTP/1.1 > Host: freebsd-admin.com > Connection: Upgrade, HTTP2-Settings > Upgrade: h2c > HTTP2-Settings: AAMAAABkAAQAAP__ > Accept: */* > User-Agent: nghttp2/1.3.4 > =3D20 > =3D20 > [ 0.001] HTTP Upgrade response > HTTP/1.1 302 Found > Date: Fri, 16 Oct 2015 09:21:42 GMT > Server: Apache > X-Frame-Options: SAMEORIGIN > X-Xss-Protection: 1; mode=3D3Dblock > X-Content-Type-Options: nosniff > Content-Security-Policy: default-src 'self'; script-src 'self' > 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src > 'self' https://*.freebsd-admin.com; img-src 'self' > https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self' > https://*.freebsd-admin.com; block-all-mixed-content; > X-Content-Security-Policy: default-src 'self'; script-src 'self' > 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src > 'self' https://*.freebsd-admin.com; img-src 'self' > https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline' > https://*.freebsd-admin.com; block-all-mixed-content; > Location: https://freebsd-admin.com/ > Content-Length: 210 > Content-Type: text/html; charset=3D3Diso-8859-1 > =3D20 > > > 302 Found > >

Found

>

The document has moved here.

> > =3D20 > [ERROR] HTTP Upgrade failed > Some requests were not processed. total=3D3D1, processed=3D3D0" > =3D20 > Finally I also set logging to http2:debug but I dont see anything that > indicates an error. > =3D20 > "[Fri Oct 16 10:06:01.060039 2015] [http2:info] [pid 19537:tid > 34410099712] mod_http2 (v1.0.0, nghttp2 1.3.4), initializing... > [Fri Oct 16 10:06:01.060051 2015] [http2:debug] [pid 19537:tid > 34410099712] h2_h2.c(72): h2_h2, child_init > [Fri Oct 16 10:06:01.060059 2015] [http2:debug] [pid 19537:tid > 34410099712] h2_switch.c(54): h2_switch init > [Fri Oct 16 10:06:01.060287 2015] [lbmethod_heartbeat:notice] [pid > 19537:tid 34410099712] AH02282: No slotmem from mod_heartmonitor > [Fri Oct 16 10:06:02.001571 2015] [mpm_event:notice] [pid 19537:tid > 34410099712] AH00489: Apache/2.4.17 (Unix) OpenSSL/1.0.2d configured > -- resuming normal operations > [Fri Oct 16 10:06:02.001600 2015] [core:notice] [pid 19537:tid > 34410099712] AH00094: Command line: '/usr/sbin/httpd -D SSL' > [Fri Oct 16 10:06:02.001697 2015] [http2:debug] [pid 19678:tid > 34410099712] h2_conn.c(123): h2_workers: min=3D3D32 max=3D3D64, =3D mthrpchild=3D3D32, > thr_limit=3D3D64 > [Fri Oct 16 10:06:02.001755 2015] [http2:debug] [pid 19678:tid > 34410099712] h2_workers.c(227): h2_workers: starting > [Fri Oct 16 10:06:02.002007 2015] [http2:debug] [pid 19727:tid > 34410099712] h2_conn.c(123): h2_workers: min=3D3D32 max=3D3D64, =3D mthrpchild=3D3D32, > thr_limit=3D3D64 > [Fri Oct 16 10:06:02.002062 2015] [http2:debug] [pid 19727:tid > 34410099712] h2_workers.c(227): h2_workers: starting" > =3D20 > Hope this helps. > =3D20 > On 16 October 2015 at 10:14, Stefan Eissing > wrote: >> Chris, >> =3D20 >> I wrote some advice at https://icing.github.io/mod_h2/howto.html =3D already. >> =3D20 >> There are several checks described. Which one fails for you and how? = =3D I need >> the output of the step that differs from the advice. Just a verbal =3D description >> is not enough. Thx. >> =3D20 >> //Stefan >> =3D20 >>> Am 16.10.2015 um 11:00 schrieb Chris : >>> =3D20 >>> Hi guys. >>> =3D20 >>> Was excited to see the module got added to 2.4.17 but I cannot get =3D= it >>> to work in my testing following information from this url. >>> https://icing.github.io/mod_h2/howto.html#http >>> =3D20 >>> So what is confirmed working? >>> =3D20 >>> I compiled apache with the appropriate configure flag. >>> =3D20 >>> I can confirm in the error log the module loads. >>> =3D20 >>> However the protocols directive seems to be ignored, testing with =3D both >>> curl and nghttp2, confirm only http 1.1. is used. I have tried =3D using >>> invalid syntax on the protocols directive to cause an error but the >>> server starts anyway without error as if it ignores the value, I =3D have >>> tried the value in both the server config and vhost which has no >>> affect. >>> =3D20 >>> Any ideas? >>> =3D20 >>> I have been testing on both http and https and both stuck on http =3D 1.1. >>> =3D20 >>> Chris >> =3D20 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org