trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From 彭勇 <p...@pubyun.com>
Subject http2 support on chrome
Date Sun, 12 Mar 2017 09:55:36 GMT
i setup a ATS,  then enable ssl and http2.

curl shows ATS works fine. and chrome 56 shows it use protocal http
1.1 to connect to ATS. is there any  ALPN / NPN negotiating problem
between chrome and ATS?

how can i serve http2 for chrome?

$ curl -vso /dev/null --http2 https://test.yaako.com

                                   <<<
* Rebuilt URL to: https://test.yaako.com/
*   Trying 118.184.176.21...
* TCP_NODELAY set
* Connected to test.yaako.com (118.184.176.21) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /usr/local/etc/openssl/cert.pem
  CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [129 bytes data]
* NPN, negotiated HTTP2 (h2)
{ [5 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2471 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
{ [42 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
} [7 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
} [36 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=test.yaako.com
*  start date: Mar 12 01:50:00 2017 GMT
*  expire date: Jun 10 01:50:00 2017 GMT
*  subjectAltName: host "test.yaako.com" matched cert's "test.yaako.com"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x7fc19c801600)
} [5 bytes data]
> GET / HTTP/2
> Host: test.yaako.com
> User-Agent: curl/7.53.1
> Accept: */*
>
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
< HTTP/2 200
< server: nginx/1.10.2
< date: Sun, 12 Mar 2017 09:52:35 GMT
< content-type: text/html
< content-length: 1958
< last-modified: Fri, 03 Mar 2017 04:34:32 GMT
< etag: "58b8f258-7a6"
< accept-ranges: bytes
< age: 0
< via: http/1.1 h118-184-176-21 (ats/6.2.x)
<
{ [5 bytes data]
* Connection #0 to host test.yaako.com left intact


-- 
Peng Yong

Mime
View raw message