httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raphael Bauduin <rbli...@gmail.com>
Subject [users@httpd] getting http2 working
Date Tue, 01 Dec 2015 10:30:49 GMT
Hi,

I am upgrading an existing server to apache 2.4.17 to enable http2. It is
running on Linux (with an older apache and openssl version installed), and
I'm installing the new versions from source:
This is what I have installed from source:
http-2.4.17
nghttp2-1.3.4
openssl-1.0.2d
php-5.6.15

The http2 module is working without ssl (validated with nghttp2-1.3.4 ).
However, I can't get it to work with ssl because I don't have ALPN working:

openssl s_client  -connect 10.12.12.2:443 -servername myserver
---
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2105 bytes and written 497 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: 98D3B15A.......
    Session-ID-ctx:
    Master-Key: 4EE8E88525B2........
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 53 45 80 dc 4f f9 36 8b-8e 5f 0d 6e 6c 53 4b 1c
SE..O.6.._.nlSK.
    ......
    00c0 - cb b6 54 86 13 c5 33 e8-96 88 51 13 08 ec b2 61
..T...3...Q....a

    Start Time: 1448965228
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

>From the php info page, I have:
_SERVER["SSL_VERSION_INTERFACE"] mod_ssl/2.4.17
_SERVER["SSL_VERSION_LIBRARY"] OpenSSL/1.0.2d
 so it seems to be using the correct openssl libs.

In the ssl vhost, I have:
        Protocols h2 http/1.1
        SSLProtocol all -SSLv2 -SSLv3 -TLSv1.2
        SSLHonorCipherOrder on
        SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:HIGH:MEDIUM:!MD5:!RC4

In the logs, I have:

[ssl:info] [pid 6991:tid 2664164208] [client 10.12.12.1:57098] AH01964:
Connection to child 85 established (server my_server:443)
[ssl:debug] [pid 6991:tid 2664164208] ssl_engine_kernel.c(1933): [client
10.12.12.1:57098] AH02043: SSL virtual host for servername my_server found
[ssl:debug] [pid 6991:tid 2664164208] ssl_engine_kernel.c(1860): [client
10.12.12.1:57098] AH02041: Protocol: TLSv1.1, Cipher: ECDHE-RSA-AES256-SHA
(256/256 bits)
[ssl:debug] [pid 6991:tid 2664164208] ssl_engine_kernel.c(245): [client
10.12.12.1:57098] AH02034: Initial (No.1) HTTPS request received for child
85 (server my_server:443)

Did anyone see and solve this problem before?

Thanks

Rb

Mime
View raw message