Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/11/18 20:03:51 UTC
DO NOT REPLY [Bug 52210] New: Add TLS Next Protocol Negotiation
(NPN) support to mod_ssl
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Bug #: 52210
Summary: Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Product: Apache httpd-2
Version: 2.2-HEAD
Platform: PC
OS/Version: Linux
Status: NEW
Keywords: PatchAvailable
Severity: enhancement
Priority: P2
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: mdsteele@google.com
Classification: Unclassified
Created attachment 27969
--> https://issues.apache.org/bugzilla/attachment.cgi?id=27969
Patch for mod_ssl to add NPN hooks
OpenSSL 1.0.1 added support for TLS Next Protocol Negotiation (NPN) [1], a
feature which allows client and server to negotiate what protocol should be
used over the secure connection. I propose adding hooks into mod_ssl to allow
other modules to access this feature. In particular, this would open the door
for a module that would support SPDY [2], a performance-improving protocol that
is now supported by (at least) Google Chrome, Amazon Silk, Firefox (targeting
FF11), and Strangeloop, but not yet by Apache httpd. (Not coincidentally, I am
working on implementing such a module.)
The changes needed to mod_ssl are pretty simple; I have a small patch here that
adds these hooks. The patch attached below was made against the httpd-2.2.x
branch, but of course I would be happy to modify the patch as necessary for
other version(s).
[1] NPN is described here:
http://technotes.googlecode.com/git/nextprotoneg.html
[2] SPDY is described here: http://dev.chromium.org/spdy/spdy-protocol
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Stefan Eissing <st...@eissing.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #32381|0 |1
is obsolete| |
CC| |stefan@eissing.org
--- Comment #19 from Stefan Eissing <st...@eissing.org> ---
Created attachment 32399
--> https://issues.apache.org/bugzilla/attachment.cgi?id=32399&action=edit
Patch update to always announce http/1.1 over NPN
As requested in https://issues.apache.org/bugzilla/show_bug.cgi?id=56028 I
updated my patch to always announce "http/1.1" over NPN (ALPN already did it).
This means that when no hooks are installed, mod_ssl will always advertise
http/1.1 to clients on NPN/ALPN.
DO NOT REPLY [Bug 52210] Add TLS Next Protocol Negotiation (NPN)
support to mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #2 from Paul Querna <ch...@force-elite.com> 2012-03-12 23:15:56 UTC ---
Also, yes, would prefer a patch rebased against the current trunk -- all new
features land there first.
DO NOT REPLY [Bug 52210] Add TLS Next Protocol Negotiation (NPN)
support to mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
mdsteele@google.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #28513|0 |1
is obsolete| |
--- Comment #8 from mdsteele@google.com 2012-04-11 23:04:13 UTC ---
Created attachment 28588
--> https://issues.apache.org/bugzilla/attachment.cgi?id=28588
Updated patch for mod_ssl to add NPN hooks
Aha, that is good to know, thanks. I've updated the patch as you suggested.
DO NOT REPLY [Bug 52210] Add TLS Next Protocol Negotiation (NPN)
support to mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #6 from mdsteele@google.com 2012-04-10 15:28:27 UTC ---
Thanks for taking a look. I confess that I am not terribly familiar with the
strict-aliasing rules, so I am not sure how best to avoid the problem here.
The issue is that SSL_get0_next_proto_negotiated requires an unsigned char**,
but apr_pstrmemdup and ssl_run_npn_proto_negotiated_hook each require a (plain,
not unsigned) char*. If I have no casts at all, the compiler complains. Is
the aliasing issue avoided if I cast to char* when I call apr_pstrmemdup and
ssl_run_npn_proto_negotiated_hook, rather than casting to unsigned char** when
I call SSL_get0_next_proto_negotiated, as I do now? If so, I'll fix that right
away; if not, what should I do instead?
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Stefan Eissing <st...@eissing.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #32463|0 |1
is obsolete| |
--- Comment #26 from Stefan Eissing <st...@eissing.org> ---
Created attachment 32464
--> https://issues.apache.org/bugzilla/attachment.cgi?id=32464&action=edit
Add ALPN/NPN support to mod_ssl
Update: fixed stupid NPNX define type, removed compiler warnings
Tested: with 2.4.12 and openssl 1.0.2/1.0.1l on darwin
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Mark Nottingham <mn...@mnot.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mnot@mnot.net
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Petter Blomberg <ap...@petterblomberg.se> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |apache@petterblomberg.se
DO NOT REPLY [Bug 52210] Add TLS Next Protocol Negotiation (NPN)
support to mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Craig <ca...@integralblue.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |candrews@integralblue.com
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Stefan Eissing <st...@eissing.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|2.2-HEAD |2.4-HEAD
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #16 from Stefan Eissing <st...@eissing.org> ---
Mark,
I understand. However OpenSSL 1.0.2 is currently in beta (although according to
R$ in production soon) and 1.0.1 does not have ALPN support. I also doubt,
given the history, that everyone will deploy 1.0.2 immediately.
So, currently we have the situation where you cannot drop a mod_spdy into a 2.4
server without also replacing mod_ssl. The patch for NPN is in httpd/trunk, but
not in 2.4.
So, everyone wanting to do ALPN/NPN with a httpd 2.4 needs to replace mod_ssl
which is not a good idea, it seems.
I today have made a clean patch for the NPN changes in trunk to be applicable
to 2.4. I want to enhance this with a second patch that uses ALPN instead of
NPN if the underlying openssl supports it (compile time).
I think this will allow for an easier transition to newer openssl and
introduction of ALPN than having everyone write her own mod_ssl version.
My question to httpd developers would be if they want to change the "npn" part
of the callback function names to "alpn" - which is worth it imho. I will put
this on the mailing list for discussion.
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #22 from Stefan Eissing <st...@eissing.org> ---
The original patch is from 2011. I think nowadays 2.4 is the target for this.
It certainly would be possible to downport it.
I updated the ticket to specify 2.4 as target.
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #14 from Stefan Eissing <st...@eissing.org> ---
With OpenSSL 1.0.1 supporting NPN by default, it would be really great to get
this patch into the next 2.4 release. Even though NPN will be replaced by ALPN
(one day), there are protocols like SPDY and HTTP2 that will need to support
both for some time to allow migration.
I cannot speak for the openssl project, but current 1.0.1 release has no ALPN
support and the 1.0.2 with support is in beta. To add ALPN support to mod_ssl,
it seems to make sense to delay that until openssl has a production release that
supports it.
DO NOT REPLY [Bug 52210] Add TLS Next Protocol Negotiation (NPN)
support to mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #7 from Anders Kaseorg <an...@mit.edu> 2012-04-11 22:43:00 UTC ---
It’s not safe to cast const char ** to const unsigned char **, but it is safe to
cast const unsigned char * to const char * (because a specific exemption in the
strict aliasing rules allows any type of object to be accessed through a
pointer to a character type). So do this instead:
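    const unsigned char *next_proto = NULL;
    unsigned next_proto_len = 0;

    /* Pass the address of the unsigned pointer directly: no pointer-to-pointer cast. */
    SSL_get0_next_proto_negotiated(inctx->ssl, &next_proto, &next_proto_len);
    /* Casting the pointer value itself to a character type is permitted. */
    ssl_run_npn_proto_negotiated_hook(f->c, (const char *)next_proto,
                                      next_proto_len);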
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
hanno@hboeck.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hanno@hboeck.de
DO NOT REPLY [Bug 52210] Add TLS Next Protocol Negotiation (NPN)
support to mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
mdsteele@google.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #27969|0 |1
is obsolete| |
--- Comment #3 from mdsteele@google.com 2012-03-20 16:06:29 UTC ---
Created attachment 28486
--> https://issues.apache.org/bugzilla/attachment.cgi?id=28486
Updated patch for mod_ssl to add NPN hooks
Thanks for the comments; here's an updated patch. I've rebased the patch
against trunk, and I believe I've fixed the C89 issues (tested with gcc
-std=c89 -pedantic). I've also added a debug-level logging message for the
negotiated protocol, as suggested.
DO NOT REPLY [Bug 52210] Add TLS Next Protocol Negotiation (NPN)
support to mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #1 from Paul Querna <ch...@force-elite.com> 2012-03-12 23:12:06 UTC ---
Issues:
* Patch includes a few inline data declarations that won't compile with a
strict c89 compiler.
* I'd suggest adding a log level debug with the negotiated protocol.
DO NOT REPLY [Bug 52210] Add TLS Next Protocol Negotiation (NPN)
support to mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
nada <ap...@valgronda.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |apache_bugzilla@valgronda.com
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #21 from adrhc@yahoo.com ---
Hi, I don't understand if the patch:
Patch update to always announce http/1.1 over NPN (21.41 KB, patch)
2015-01-27 09:28 UTC, Stefan Eissing
applies to httpd-2.2 (more specifically to 2.2.29).
The patch starts with these lines:
diff -ru gen/httpd-2.4.x/modules/ssl/mod_ssl.c modules/ssl/mod_ssl.c
--- gen/httpd-2.4.x/modules/ssl/mod_ssl.c 2015-01-19 16:52:30.000000000
+0100
What do I have to think? Is it for httpd-2.4.x? If yes, then what patch is for
httpd-2.2?
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #15 from Mark Nottingham <mn...@mnot.net> ---
Stefan,
HTTP/2 uses ALPN, not NPN; the only reason some implementations use NPN is for
testing while ALPN filtered its way into OpenSSL and other TLS implementations.
OpenSSL supports ALPN as of 1.0.2. Browsers are even now starting to drop NPN
in their negotiation, because doing both has caused interop problems. NPN is a
dead end, as very explicitly stated by AGL and others.
DO NOT REPLY [Bug 52210] Add TLS Next Protocol Negotiation (NPN)
support to mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
mdsteele@google.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #28486|0 |1
is obsolete| |
--- Comment #4 from mdsteele@google.com 2012-03-27 20:55:18 UTC ---
Created attachment 28513
--> https://issues.apache.org/bugzilla/attachment.cgi?id=28513
Updated patch for mod_ssl to add NPN hooks
Some minor tweaks to the patch to better conform to surrounding code style.
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Stefan Eissing <st...@eissing.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #32399|0 |1
is obsolete| |
--- Comment #23 from Stefan Eissing <st...@eissing.org> ---
Created attachment 32452
--> https://issues.apache.org/bugzilla/attachment.cgi?id=32452&action=edit
Updated patch introducing ALPN/NPN support for mod_ssl
This version of the patch uses correct ALPN/NPN defines and has been tested
against 2.4.10.
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk
Status|RESOLVED |REOPENED
Resolution|FIXED |---
--- Comment #10 from Eric Covener <co...@gmail.com> ---
Re-opening; this is only in trunk.
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #13 from Mark Nottingham <mn...@mnot.net> ---
NPN has been superseded by ALPN -
https://www.imperialviolet.org/2013/03/20/alpn.html
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #25 from Yann Ylavic <yl...@gmail.com> ---
It seems that HAVE_TLS_NPNX is defined instead of HAVE_TLS_NPN in the part of
the patch below.
Also, probably it shouldn't be defined when OPENSSL_NO_TLSEXT is used (like
HAVE_TLS_ALPN).
diff -ru gen/httpd-2.4.x/modules/ssl/ssl_private.h modules/ssl/ssl_private.h
--- gen/httpd-2.4.x/modules/ssl/ssl_private.h 2015-01-19 16:52:30.000000000
+0100
+++ modules/ssl/ssl_private.h 2015-01-19 15:42:53.908000000 +0100
@@ -176,6 +169,16 @@
[...]
+/* Next Protocol Negotiation */
+#if !defined(OPENSSL_NO_NEXTPROTONEG) && defined(OPENSSL_NPN_NEGOTIATED)
+#define HAVE_TLS_NPNX
+#endif
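Review bot: the `#define HAVE_TLS_NPNX` line defines a macro with a trailing X, so any code guarded by `#ifdef HAVE_TLS_NPN` would never see it and the NPN path would be compiled out without a diagnostic; rename it to HAVE_TLS_NPN. The `#if` condition on the line above tests only OPENSSL_NO_NEXTPROTONEG and OPENSSL_NPN_NEGOTIATED; if the NPN code relies on TLS extensions being compiled in, add `!defined(OPENSSL_NO_TLSEXT)` to that condition so the feature macro cannot be set on a build without them.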
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Joe Orton <jo...@redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
issues-apache@medienzuflucht.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |issues-apache@medienzuflucht.de
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #11 from Jackie Rosen <ja...@hushmail.com> ---
*** Bug 260998 has been marked as a duplicate of this bug. ***
Seen from the domain http://volichat.com
Page where seen: http://volichat.com/adult-chat-rooms
Marked for reference. Resolved as fixed @bugzilla.
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #9 from Joe Orton <jo...@redhat.com> ---
Added in r1332643 - I made a few tweaks:
1) added HAVE_TLS_NPN in ssl_private.h with the OpenSSL version logic
2) tweaked the hook name to use "modssl_" rather than "ssl_" to avoid further
polluting the "ssl_" namespace
Please shout if I broke something, I only tested compilation. Thanks a lot for
the contribution!
DO NOT REPLY [Bug 52210] Add TLS Next Protocol Negotiation (NPN)
support to mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Christopher Schramm <ap...@shakaweb.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |apache@shakaweb.org
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Wulf C. Krueger <ph...@exherbo.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |philantrop@exherbo.org
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #20 from Romain Lapoux <ma...@manusfreedom.com> ---
@Stefan Eissing
In your patch, I think you have a bug, why do you have HAVE_ALPN_NPN and
HAVE_TLS_ALPN?
Only HAVE_TLS_ALPN is defined.
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #11 from Yann Ylavic <yl...@gmail.com> ---
This is currently being discussed in
https://www.mail-archive.com/dev@httpd.apache.org/msg59893.html
DO NOT REPLY [Bug 52210] Add TLS Next Protocol Negotiation (NPN)
support to mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Bryan <bm...@google.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bmcquade@google.com
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Björn Jacke <bj...@j3e.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bjoern@j3e.de
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Stefan Eissing <st...@eissing.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #28588|0 |1
is obsolete| |
--- Comment #17 from Stefan Eissing <st...@eissing.org> ---
Created attachment 32381
--> https://issues.apache.org/bugzilla/attachment.cgi?id=32381&action=edit
2.4.x patch for adding ALPN+NPN support
This patch adds ALPN support to 2.4.x, building on the previous patch attached
to this ticket.
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #18 from Stefan Eissing <st...@eissing.org> ---
The ALPN support changes the public functions from the previous patch:
- renames from "npn" to "alpn"
- adds an optional parameter to the advertise/propose function with the
protocol names supplied by the client
The patch keeps the NPN support, if the underlying openssl does not support
ALPN (version >= 1.0.2).
The patch introduces a new mod_ssl config directive: SSLAlpnPreference which is
a list of protocol names that determine which protocol gets chosen first, if
supported by the client.
A patch for httpd/trunk can be made available on request. A patch of mod_spdy
to use the new functions also. Let me know.
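The preference-ordered selection described in comment #18, as an added example that is not part of the thread or of the mod_ssl patch: it validates the client's protocol list in the length-prefixed wire form ALPN uses and returns the first server-preferred name the client offered. The function names, return codes and sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return codes for this example (hypothetical names, not mod_ssl's). */
enum { ALPN_OK = 0, ALPN_NO_OVERLAP = -1, ALPN_MALFORMED = -2 };

/* Constructed sample input: a client offering "h2" and "http/1.1". */
static const unsigned char CLIENT_OFFER[] = {
    2, 'h', '2',
    8, 'h', 't', 't', 'p', '/', '1', '.', '1'
};
/* Constructed malformed inputs: a truncated entry and a zero-length entry. */
static const unsigned char CLIENT_TRUNCATED[] = { 8, 'h', 't', 't', 'p' };
static const unsigned char CLIENT_EMPTY_NAME[] = { 2, 'h', '2', 0 };

/* Two server preference orders, in the spirit of a preference directive. */
static const char *const PREFS_H2_FIRST[] = { "h2", "http/1.1" };
static const char *const PREFS_HTTP11_FIRST[] = { "http/1.1", "h2" };

/* Each entry is one length byte (1..255) followed by that many name bytes,
 * and the entries must fill the buffer exactly. */
static int alpn_list_is_valid(const unsigned char *list, size_t list_len)
{
    size_t i = 0;

    if (list == NULL || list_len == 0)
        return 0;
    while (i < list_len) {
        size_t n = list[i];
        /* i < list_len holds here, so the subtraction cannot wrap. */
        if (n == 0 || n > list_len - i - 1)
            return 0;
        i += 1 + n;
    }
    return 1;
}

/* Exact-length match only, so "http/1" never matches "http/1.1".
 * The list must already have passed alpn_list_is_valid(). */
static int alpn_list_contains(const unsigned char *list, size_t list_len,
                              const char *name, size_t name_len)
{
    size_t i = 0;

    while (i < list_len) {
        size_t n = list[i];
        if (n == name_len && memcmp(list + i + 1, name, n) == 0)
            return 1;
        i += 1 + n;
    }
    return 0;
}

/* Server preference wins: walk prefs in order and return the first name
 * the client also offered. *selected points into prefs, never into the
 * untrusted client buffer. */
int alpn_select(const char *const *prefs, size_t nprefs,
                const unsigned char *client, size_t client_len,
                const char **selected)
{
    size_t p;

    *selected = NULL;
    if (!alpn_list_is_valid(client, client_len))
        return ALPN_MALFORMED;
    for (p = 0; p < nprefs; p++) {
        size_t len = strlen(prefs[p]);
        if (len == 0 || len > 255)
            continue; /* not representable on the wire */
        if (alpn_list_contains(client, client_len, prefs[p], len)) {
            *selected = prefs[p];
            return ALPN_OK;
        }
    }
    return ALPN_NO_OVERLAP;
}

int main(void)
{
    const char *sel = NULL;
    int rc;

    rc = alpn_select(PREFS_H2_FIRST, 2, CLIENT_OFFER, sizeof(CLIENT_OFFER), &sel);
    printf("h2 preferred:       rc=%d selected=%s\n", rc, sel ? sel : "(none)");
    rc = alpn_select(PREFS_HTTP11_FIRST, 2, CLIENT_OFFER, sizeof(CLIENT_OFFER), &sel);
    printf("http/1.1 preferred: rc=%d selected=%s\n", rc, sel ? sel : "(none)");
    rc = alpn_select(PREFS_H2_FIRST, 2, CLIENT_TRUNCATED, sizeof(CLIENT_TRUNCATED), &sel);
    printf("truncated list:     rc=%d selected=%s\n", rc, sel ? sel : "(none)");
    return 0;
}
```

Rejecting the whole list on the first malformed entry keeps a bad length byte from steering the comparison past the end of the client buffer.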
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #12 from Björn Jacke <bj...@j3e.de> ---
(In reply to Yann Ylavic from comment #11)
> This is currently being discussed in
> https://www.mail-archive.com/dev@httpd.apache.org/msg59893.html
this discussion is dead and it does not take into account that npn is a generic
mechanism to be able to switch to alternative protocols not necessarily
limited to be used for spdy support.
Also this is part of openssl 1.0.1 - mod_ssl just needs to turn it on.
Another aspect why we really want to have NPN support in mod_ssl is: firefox
and chrome currently use the SSL optimization "false start" only if the server
also supports NPN. So with NPN support in mod_ssl we would get the nice side
effect of removing one roundtrip time for ssl handshakes for those clients.
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Stefan Eissing <st...@eissing.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #32452|0 |1
is obsolete| |
--- Comment #24 from Stefan Eissing <st...@eissing.org> ---
Created attachment 32463
--> https://issues.apache.org/bugzilla/attachment.cgi?id=32463&action=edit
Updated patch for ALPN/NPN support in mod_ssl
Fix in DEBUG log of negotiated protocol.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 52210] Add TLS Next Protocol Negotiation (NPN) support to
mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
Neustradamus <Ne...@hotmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |Neustradamus@hotmail.com
DO NOT REPLY [Bug 52210] Add TLS Next Protocol Negotiation (NPN)
support to mod_ssl
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
--- Comment #5 from Joe Orton <jo...@redhat.com> 2012-04-10 14:46:02 UTC ---
Patch looks fine to me, though this:
+ const char *next_proto = NULL;
+ unsigned next_proto_len = 0;
+ SSL_get0_next_proto_negotiated(
+ inctx->ssl, (const unsigned char**)&next_proto, &next_proto_len);
is going to trip up gcc strict-aliasing tests, it should pass next_proto
without a cast.