httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: svn commit: r1890693 - in /httpd/httpd/trunk: changes-entries/ssl_alpn_outgoing.txt modules/ssl/ssl_engine_io.c
Date Fri, 11 Jun 2021 10:58:25 GMT
On Fri, Jun 11, 2021 at 12:46 PM <icing@apache.org> wrote:
>
> Author: icing
> Date: Fri Jun 11 10:45:25 2021
> New Revision: 1890693
>
> URL: http://svn.apache.org/viewvc?rev=1890693&view=rev
> Log:
>   *) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
>      connections. If ALPN protocols are provided and sent to the
>      remote server, the received protocol selected is inspected
>      and checked for a match. Without match, the peer handshake
>      fails.
>      An exception is the proposal of "http/1.1" where it is
>      accepted if the remote server did not answer ALPN with
>      a selected protocol. This accomodates for hosts that do
>      not observe/support ALPN and speak http/1.x be default.

While mod_proxy_http2 sets "proxy-request-alpn-protos", I don't think
that mod_proxy_http does.
Should it set "http/1.1" such that if the backend returns something
other than "http/1.1" or empty we fail the negotiation there too?

Cheers;
Yann.

Mime
View raw message