Return-Path: <users-return-6406-archive-asf-public=cust-asf.ponee.io@trafficserver.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 9CEF2200C35
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Sun, 12 Mar 2017 16:21:51 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id 9B8D3160B77; Sun, 12 Mar 2017 15:21:51 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id E542C160B63
	for <archive-asf-public@cust-asf.ponee.io>; Sun, 12 Mar 2017 16:21:50 +0100 (CET)
Received: (qmail 45439 invoked by uid 500); 12 Mar 2017 15:21:50 -0000
Mailing-List: contact users-help@trafficserver.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@trafficserver.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@trafficserver.apache.org>
List-Post: <mailto:users@trafficserver.apache.org>
List-Id: <users.trafficserver.apache.org>
Reply-To: users@trafficserver.apache.org
Delivered-To: mailing list users@trafficserver.apache.org
Received: (qmail 45430 invoked by uid 99); 12 Mar 2017 15:21:49 -0000
Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 12 Mar 2017 15:21:49 +0000
Received: from [10.140.183.144] (unknown [166.137.107.43])
	by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 9ABB71A0193
	for <users@trafficserver.apache.org>; Sun, 12 Mar 2017 15:21:49 +0000 (UTC)
From: Leif Hedstrom <zwoop@apache.org>
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Date: Sun, 12 Mar 2017 09:21:47 -0600
Subject: Re: http2 support on chrome
Message-Id: <EBFA134E-7E71-49D2-B538-F5FB48F08E45@apache.org>
References: <CAB4GJpV+Y6uc2NQocdyjL2me3PZV_Kk9VBb4mDji4+_ENFHhTQ@mail.gmail.com> <beabfb32-27c6-05ef-9ec9-af834eaf4329@thelounge.net> <CAB4GJpUx1Ek6sFkyEzzc_BfgrAXUkmoQjWG-=rjOHD3Ryhpm2A@mail.gmail.com> <CAOra-2ktWKoOchpLm7V0LKxq+iz7yBPkO-8aqeRJqdTeoXFC-Q@mail.gmail.com> <175ae15f-f150-6afa-67f7-fab7cc86ba56@thelounge.net> <CAB4GJpWFoiODUBaU=io-A6=j_XrYvMXxxFc0Px2SjWqZp8XuXg@mail.gmail.com>
In-Reply-To: <CAB4GJpWFoiODUBaU=io-A6=j_XrYvMXxxFc0Px2SjWqZp8XuXg@mail.gmail.com>
To: users@trafficserver.apache.org
X-Mailer: iPhone Mail (14D27)
archived-at: Sun, 12 Mar 2017 15:21:51 -0000

You can always build your own OpenSSL, installed in a separate directory (do=
n't mess with the system OpenSSL). And then tell ATS configure to use that t=
ree. That's what most of us do on the older distros.

-- Leif=20


> On Mar 12, 2017, at 9:18 AM, =E5=BD=AD=E5=8B=87 <ppyy@pubyun.com> wrote:
>=20
> openssl 1.0.2 will be ready for RHEL 7.4.
>=20
> i can't find a solution to upgrade openssl for centos 7.3 now, as
> openssl is a base library of the system.
>=20
> https://bugzilla.redhat.com/show_bug.cgi?id=3D1276310
>=20
>> On Sun, Mar 12, 2017 at 11:11 PM, Reindl Harald <h.reindl@thelounge.net> w=
rote:
>>=20
>>=20
>>> Am 12.03.2017 um 15:03 schrieb Masaori Koshiba:
>>>=20
>>> Hi Peng,
>>>=20
>>> If I remember correctly, Chrome stopped NPN support last year. =46rom yo=
ur
>>> log, your ATS is using NPN only.
>>> If you're using OpenSSL, the version could be old. OpenSSL has ALPN
>>> support from 1.0.2.
>>=20
>>=20
>> and RHEL7 has only 1.0.1
>> openssl-1.0.1e-60.el7_3.1.x86_64
>>=20
>> that' why we are running Fedora for nearly everything for a deacde now
>> because all that LTS stuff becomes way too fast annyoing - it's fine for
>> storage devices and routers / firewalls and for hosting legacy crap but
>> that's it
>>=20
>>>> * NPN, negotiated HTTP2 (h2)
>>>> ALPN, server did not agree to a protocol
>>=20
>>=20
>> https://www.ssllabs.com/ssltest/
>>=20
>>> 2017=E5=B9=B43=E6=9C=8812=E6=97=A5(=E6=97=A5) 20:49 =E5=BD=AD=E5=8B=87 <=
ppyy@pubyun.com <mailto:ppyy@pubyun.com>>:
>>>=20
>>>    i install 6.2.1 stable version on centos 7.
>>>=20
>>>    $ rpm -qa|grep traffic
>>>    trafficserver-6.2.1-2.el7.centos.x86_64
>>>=20
>>>    yes, curl can works fine with http2. and chrome choose http 1.1.
>>>=20
>>>    On Sun, Mar 12, 2017 at 6:40 PM, Reindl Harald
>>>    <h.reindl@thelounge.net <mailto:h.reindl@thelounge.net>> wrote:
>>>>=20
>>>>=20
>>>>> Am 12.03.2017 um 10:55 schrieb =E5=BD=AD=E5=8B=87:
>>>>>=20
>>>>> i setup a ATS,  then enable ssl and http2.
>>>>>=20
>>>>> curl shows ATS works fine. and chrome 56 shows it use protocal http
>>>>> 1.1 to connect to ATS. is there any  ALPN / NPN negotiating problem
>>>>> between chrome and ATS?
>>>>>=20
>>>>> how can i serve http2 for chrome?
>>>>=20
>>>>=20
>>>> i doubt that you need anything to do, at least with ATS 7.0 curl
>>>    don't need
>>>> any param and choses HTTP2 automatically and so every browser can
>>>    do - maybe
>>>> your ATS is just outdated?
>>>>=20
>>>> [harry@srv-rhsoft:~]$ curl --head https://www.thelounge.net/
>>>> HTTP/2.0 200
>>>> date:Sun, 12 Mar 2017 10:38:55 GMT
>>>> x-dns-prefetch-control:off
>>>> x-content-type-options:nosniff
>>>> x-response-time:D=3D5111 us
>>>> last-modified:Thu, 03 Sep 2015 09:04:29 GMT
>>>> expires:Sun, 12 Mar 2017 12:38:55 GMT
>>>> cache-control:public, proxy-revalidate
>>>> etag:04ea5ea0c7b43fd2fb3ee18d68b96557
>>>> vary:Accept-Encoding,User-Agent
>>>> content-type:text/html; charset=3DISO-8859-1
>>>> age:6
>>>> content-length:11658
>>>=20
>>>=20
>>>=20
>>>    --
>>>    Peng Yong
>>>=20
>>=20
>> --
>>=20
>> Reindl Harald
>> the lounge interactive design GmbH
>> A-1060 Vienna, Hofm=C3=BChlgasse 17
>> CTO / CISO / Software-Development
>> m: +43 676 40 221 40
>> p: +43 1 595 3999 33
>> http://www.thelounge.net/
>=20
>=20
>=20
> --=20
> Peng Yong