You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 2014/04/28 23:50:19 UTC

SSL and NPN

Any reason to NOT include

	http://svn.apache.org/viewvc?view=revision&revision=1332643
	http://svn.apache.org/viewvc?view=revision&revision=1487772

in 2.4??

Re: SSL and NPN

Posted by Hanno Böck <ha...@hboeck.de>.

On Tue, 29 Apr 2014 07:05:29 +0200
Falco Schwarz <hi...@falco.me> wrote:

> AFAIK OpenSSL does not support NPN out of the box either and obe
> would have to apply patches to the openssl-src in order to get NPN
> support. In OpenSSL 1.0.2 ALPN support has been added, though.

OpenSSL 1.0.1 supports NPN out of the box.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42

Re: SSL and NPN

Posted by Falco Schwarz <hi...@falco.me>.

AFAIK OpenSSL does not support NPN out of the box either and obe would have to apply patches to the openssl-src in order to get NPN support. In OpenSSL 1.0.2 ALPN support has been added, though.

I know it is easy to say and probably takes a lot of effort to implement, but wouldn't it be better to implement ALPN into httpd?

> On 28 Apr 2014, at 23:50, Jim Jagielski <ji...@jagunet.com> wrote:
> 
> Any reason to NOT include
> 
>    http://svn.apache.org/viewvc?view=revision&revision=1332643
>    http://svn.apache.org/viewvc?view=revision&revision=1487772
> 
> in 2.4??

Re: SSL and NPN

Posted by Yehuda Katz <ye...@ymkatz.net>.

I have not looked at the patches or ALPN in detail, but I think the
important question is how hard it would be to change this for (or add) ALPN
support. If Chrome is planning to remove NPN support, it does not seem very
useful to add the feature to HTTPD.

- Y

On Mon, Apr 28, 2014 at 5:56 PM, Tim Bannister <is...@jellybaby.net> wrote:

> On 28 Apr 2014, at 22:50, Jim Jagielski <ji...@jaguNET.com> wrote:
>
> > Any reason to NOT include
> >
> >       http://svn.apache.org/viewvc?view=revision&revision=1332643
> >       http://svn.apache.org/viewvc?view=revision&revision=1487772
> >
> > in 2.4??
>
> I don't think https://www.imperialviolet.org/2013/03/20/alpn.html is
> enough reason not to backport, but I'll mention it.
>
> --
> Tim Bannister – isoma@jellybaby.net
>
>

Re: SSL and NPN

Posted by Tim Bannister <is...@jellybaby.net>.

On 28 Apr 2014, at 22:50, Jim Jagielski <ji...@jaguNET.com> wrote:

> Any reason to NOT include
> 
> 	http://svn.apache.org/viewvc?view=revision&revision=1332643
> 	http://svn.apache.org/viewvc?view=revision&revision=1487772
> 
> in 2.4??

I don't think https://www.imperialviolet.org/2013/03/20/alpn.html is enough reason not to backport, but I'll mention it.

-- 
Tim Bannister – isoma@jellybaby.net

Re: SSL and NPN

Posted by Paul Querna <pa...@querna.org>.

Tend to agree with the other comments, NPN by itself will be
deprecated quickly, ALPN is the future.  I'd vote for a series of back
ports that include both NPN and ALPN together.

On Mon, Apr 28, 2014 at 2:50 PM, Jim Jagielski <ji...@jagunet.com> wrote:
> Any reason to NOT include
>
>         http://svn.apache.org/viewvc?view=revision&revision=1332643
>         http://svn.apache.org/viewvc?view=revision&revision=1487772
>
> in 2.4??