trafficserver-users mailing list archives

From 彭勇 <p...@pubyun.com>
Subject Re: http2 support on chrome
Date Sun, 12 Mar 2017 15:47:38 GMT
Red Hat Bugzilla #1276310 said Fixed In Version: openssl-1.0.2k-1.el7.
And I found a 1.0.2k package:

https://copr-be.cloud.fedoraproject.org/results/bitshaka/openssl-lts/epel-7-x86_64/00504994-openssl/
https://copr.fedorainfracloud.org/coprs/bitshaka/

Rebuild openssl-1.0.2 packages from https://koji.fedoraproject.org/
for CentOS/RHEL 7.x

Motivation

The OpenSSL version shipped is rather outdated, and, more importantly
will not be supported any more.

  Also available is the 1.0.2 series. This is also our Long Term Support
  (LTS) version (support will be provided until 31st December 2019). The
  1.0.1 version is currently only receiving security bug fixes and all
  support will be discontinued for this version on 31st December 2016.
  (OpenSSL Download Page)

Note

The built packages should be binary compatible with all packages that
depend on OpenSSL currently shipped with CentOS/RHEL 7.x (judging from
the head of the specfile 1.0.0 soversion = 10)

Features

OpenSSL 1.0.2 includes a number of improvements, most importantly,
support for ALPN (i.e. enabling HTTP2). For a full list have a look at
https://www.openssl.org/news/openssl-1.0.2-notes.html.


Then I upgraded to 1.0.2k.

After I recompiled Traffic Server, it works now.





On Sun, Mar 12, 2017 at 11:41 PM, Reindl Harald <h.reindl@thelounge.net> wrote:
>
>
> On 12.03.2017 at 16:21, Leif Hedstrom wrote:
>>
>> You can always build your own OpenSSL, installed in a separate directory
>> (don't mess with the system OpenSSL). And then tell ATS configure to use
>> that tree. That's what most of us do on the older distros.
>
>
> yes, but then you no longer use trafficserver-6.2.1-2.el7.centos.x86_64 as
> RPM because you have to build ATS also at your own
>
> when the machine is a dedicated proxy you no longer have many reasons using
> CentOS at all and can at the same time go to a recent ATS version which just
> overrides the distro packages (dunno what Fedora currently ships as example)
>
> [root@proxy:~]$ rpm -q trafficserver
> trafficserver-7.0.0-1.fc24.20170120.rh.x86_64
>
> [root@proxy:~]$ rpm -q --filesbypkg trafficserver
> trafficserver             /etc/ld.so.conf.d/trafficserver-x86_64.conf
> trafficserver             /etc/trafficserver
> trafficserver             /etc/trafficserver/body_factory
> trafficserver             /etc/trafficserver/body_factory/default
> trafficserver /etc/trafficserver/body_factory/default/.body_factory_info
> trafficserver             /etc/trafficserver/internal
> trafficserver             /etc/trafficserver/snapshots
> trafficserver             /etc/trafficserver/ssl
> trafficserver             /etc/trafficserver/trafficserver-release
> trafficserver             /run/trafficserver
> trafficserver             /usr/bin/traffic_cop
> trafficserver             /usr/bin/traffic_crashlog
> trafficserver             /usr/bin/traffic_ctl
> trafficserver             /usr/bin/traffic_layout
> trafficserver             /usr/bin/traffic_logcat
> trafficserver             /usr/bin/traffic_logstats
> trafficserver             /usr/bin/traffic_manager
> trafficserver             /usr/bin/traffic_server
> trafficserver             /usr/bin/traffic_top
> trafficserver             /usr/bin/traffic_via
> trafficserver             /usr/lib/systemd/system/trafficserver.service
> trafficserver             /usr/lib/tmpfiles.d/trafficserver.conf
> trafficserver             /usr/lib64/trafficserver
> trafficserver             /usr/lib64/trafficserver/libatscppapi.so.7
> trafficserver             /usr/lib64/trafficserver/libatscppapi.so.7.0.0
> trafficserver             /usr/lib64/trafficserver/libtsconfig.so.7
> trafficserver             /usr/lib64/trafficserver/libtsconfig.so.7.0.0
> trafficserver             /usr/lib64/trafficserver/libtsmgmt.so.7
> trafficserver             /usr/lib64/trafficserver/libtsmgmt.so.7.0.0
> trafficserver             /usr/lib64/trafficserver/libtsutil.so.7
> trafficserver             /usr/lib64/trafficserver/libtsutil.so.7.0.0
> trafficserver             /var/cache/trafficserver
> trafficserver             /var/log/trafficserver
>
>
>>> On Mar 12, 2017, at 9:18 AM, 彭勇 <ppyy@pubyun.com> wrote:
>>>
>>> openssl 1.0.2 will be ready for RHEL 7.4.
>>>
>>> I can't find a solution to upgrade openssl for centos 7.3 now, as
>>> openssl is a base library of the system.
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1276310
>>>
>>>> On Sun, Mar 12, 2017 at 11:11 PM, Reindl Harald <h.reindl@thelounge.net>
>>>> wrote:
>>>>
>>>>
>>>>> On 12.03.2017 at 15:03, Masaori Koshiba wrote:
>>>>>
>>>>> Hi Peng,
>>>>>
>>>>> If I remember correctly, Chrome stopped NPN support last year. From
>>>>> your
>>>>> log, your ATS is using NPN only.
>>>>> If you're using OpenSSL, the version could be old. OpenSSL has ALPN
>>>>> support from 1.0.2.
>>>>
>>>>
>>>>
>>>> and RHEL7 has only 1.0.1
>>>> openssl-1.0.1e-60.el7_3.1.x86_64
>>>>
>>>> that's why we are running Fedora for nearly everything for a decade now
>>>> because all that LTS stuff becomes way too fast annoying - it's fine for
>>>> storage devices and routers / firewalls and for hosting legacy crap but
>>>> that's it
>>>>
>>>>>> * NPN, negotiated HTTP2 (h2)
>>>>>> ALPN, server did not agree to a protocol
>>>>
>>>>
>>>>
>>>> https://www.ssllabs.com/ssltest/
>>>>
>>>>> On Sun, Mar 12, 2017 at 20:49, 彭勇 <ppyy@pubyun.com <mailto:ppyy@pubyun.com>> wrote:
>>>>>
>>>>>    I installed the 6.2.1 stable version on CentOS 7.
>>>>>
>>>>>    $ rpm -qa|grep traffic
>>>>>    trafficserver-6.2.1-2.el7.centos.x86_64
>>>>>
>>>>>    Yes, curl works fine with http2, and Chrome chooses http 1.1.
>>>>>
>>>>>    On Sun, Mar 12, 2017 at 6:40 PM, Reindl Harald
>>>>>    <h.reindl@thelounge.net <mailto:h.reindl@thelounge.net>> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On 12.03.2017 at 10:55, 彭勇 wrote:
>>>>>>>
>>>>>>> I set up an ATS, then enabled ssl and http2.
>>>>>>>
>>>>>>> curl shows ATS works fine, and Chrome 56 shows it uses protocol
>>>>>>> http 1.1 to connect to ATS. Is there any ALPN / NPN negotiating problem
>>>>>>> between Chrome and ATS?
>>>>>>>
>>>>>>> how can i serve http2 for chrome?
>>>>>>
>>>>>>
>>>>>>
>>>>>> i doubt that you need anything to do, at least with ATS 7.0 curl
>>>>>> don't need any param and chooses HTTP2 automatically and so every
>>>>>> browser can do - maybe your ATS is just outdated?
>>>>>>
>>>>>>
>>>>>> [harry@srv-rhsoft:~]$ curl --head https://www.thelounge.net/
>>>>>> HTTP/2.0 200
>>>>>> date:Sun, 12 Mar 2017 10:38:55 GMT
>>>>>> x-dns-prefetch-control:off
>>>>>> x-content-type-options:nosniff
>>>>>> x-response-time:D=5111 us
>>>>>> last-modified:Thu, 03 Sep 2015 09:04:29 GMT
>>>>>> expires:Sun, 12 Mar 2017 12:38:55 GMT
>>>>>> cache-control:public, proxy-revalidate
>>>>>> etag:04ea5ea0c7b43fd2fb3ee18d68b96557
>>>>>> vary:Accept-Encoding,User-Agent
>>>>>> content-type:text/html; charset=ISO-8859-1
>>>>>> age:6
>>>>>> content-length:11658



-- 
Peng Yong
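
The difference the thread turns on (h2 offered through NPN only versus agreed through ALPN) is visible in the ServerHello extensions. The following is an added example, not part of the original messages or of Traffic Server: a small parser that reports which of the two extensions a ServerHello carries. The sample messages are constructed, and the function names are hypothetical.

```python
import struct

EXT_ALPN = 16     # application_layer_protocol_negotiation (RFC 7301)
EXT_NPN = 13172   # next_protocol_negotiation (draft extension)

def _names(buf):
    """Split a run of 1-byte-length-prefixed protocol names."""
    out, i = [], 0
    while i < len(buf):
        n = buf[i]
        if i + 1 + n > len(buf):
            raise ValueError("truncated protocol name")
        out.append(buf[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return out

def server_hello_protocols(msg):
    """Return {'alpn': [...], 'npn': [...]} for one ServerHello handshake message."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    i = 2 + 32                 # skip version and random
    i += 1 + body[i]           # skip session id
    i += 2 + 1                 # skip cipher suite and compression method
    found = {"alpn": [], "npn": []}
    if i + 2 > len(body):
        return found           # hello carries no extensions block
    end = i + 2 + struct.unpack_from("!H", body, i)[0]
    i += 2
    while i + 4 <= min(end, len(body)):
        etype, elen = struct.unpack_from("!HH", body, i)
        data = body[i + 4:i + 4 + elen]
        i += 4 + elen
        if etype == EXT_ALPN:
            found["alpn"] = _names(data[2:])   # drop the 2-byte list length
        elif etype == EXT_NPN:
            found["npn"] = _names(data)
    return found

def h2_without_npn(msg):
    """True if the server agreed to h2 via ALPN, which a client without NPN needs."""
    return "h2" in server_hello_protocols(msg)["alpn"]

def _hello(exts):
    """Constructed sample: minimal TLS 1.2 ServerHello with the given extensions."""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body = b"\x03\x03" + bytes(32) + b"\x00\xc0\x2f\x00" + struct.pack("!H", len(ext)) + ext
    return b"\x02" + len(body).to_bytes(3, "big") + body
NPN_ONLY = _hello([(EXT_NPN, b"\x02h2\x08http/1.1")])   # constructed: server built without ALPN
WITH_ALPN = _hello([(EXT_ALPN, b"\x00\x03\x02h2")])     # constructed: server built with ALPN
```

`NPN_ONLY` matches the curl log quoted in the thread (h2 via NPN, no ALPN agreement), while `WITH_ALPN` is the reply an ALPN-capable build would give.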
