On Fri, Jun 11, 2021 at 12:46 PM <icing@apache.org> wrote:
>
> Author: icing
> Date: Fri Jun 11 10:45:25 2021
> New Revision: 1890693
>
> URL: http://svn.apache.org/viewvc?rev=1890693&view=rev
> Log:
> *) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
> connections. If ALPN protocols are provided and sent to the
> remote server, the received protocol selected is inspected
> and checked for a match. Without match, the peer handshake
> fails.
> An exception is the proposal of "http/1.1" where it is
> accepted if the remote server did not answer ALPN with
> a selected protocol. This accomodates for hosts that do
> not observe/support ALPN and speak http/1.x be default.
While mod_proxy_http2 sets "proxy-request-alpn-protos", I don't think
that mod_proxy_http does.
Should it set "http/1.1" such that if the backend returns something
other than "http/1.1" or empty we fail the negotiation there too?
Cheers;
Yann.
>
> Author: icing
> Date: Fri Jun 11 10:45:25 2021
> New Revision: 1890693
>
> URL: http://svn.apache.org/viewvc?rev=1890693&view=rev
> Log:
> *) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
> connections. If ALPN protocols are provided and sent to the
> remote server, the received protocol selected is inspected
> and checked for a match. Without match, the peer handshake
> fails.
> An exception is the proposal of "http/1.1" where it is
> accepted if the remote server did not answer ALPN with
> a selected protocol. This accomodates for hosts that do
> not observe/support ALPN and speak http/1.x be default.
While mod_proxy_http2 sets "proxy-request-alpn-protos", I don't think
that mod_proxy_http does.
Should it set "http/1.1" such that if the backend returns something
other than "http/1.1" or empty we fail the negotiation there too?
Cheers;
Yann.