On Wed, Jun 3, 2015 at 4:45 PM, Yann Ylavic <ylavic....@gmail.com> wrote: > > This means enabling ALPN only if SSLALPNPreference is used.
Something like below : Index: modules/ssl/mod_ssl.c =================================================================== --- modules/ssl/mod_ssl.c (revision 1683271) +++ modules/ssl/mod_ssl.c (working copy) @@ -456,6 +456,8 @@ static int modssl_register_alpn(conn_rec *c, ssl_alpn_proto_negotiated negotiatedfn) { #ifdef HAVE_TLS_ALPN + SSLSrvConfigRec *sc; + SSLConnRec *sslconn = myConnConfig(c); if (!sslconn) { @@ -462,6 +464,11 @@ static int modssl_register_alpn(conn_rec *c, return DECLINED; } + sc = mySrvConfig(sslconn->server); + if (sc->server->ssl_alpn_pref->nelts <= 0) { + return DECLINED; + } + if (!sslconn->alpn_proposefns) { sslconn->alpn_proposefns = apr_array_make(c->pool, 5, sizeof(ssl_alpn_propose_protos)); Index: modules/ssl/ssl_engine_init.c =================================================================== --- modules/ssl/ssl_engine_init.c (revision 1683271) +++ modules/ssl/ssl_engine_init.c (working copy) @@ -648,7 +648,9 @@ static void ssl_init_ctx_callbacks(server_rec *s, SSL_CTX_set_info_callback(ctx, ssl_callback_Info); #ifdef HAVE_TLS_ALPN - SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL); + if (s->ssl_alpn_pref->nelts > 0) { + SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL); + } #endif } --
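Review bot: The new guard in modssl_register_alpn (`sc = mySrvConfig(sslconn->server); if (sc->server->ssl_alpn_pref->nelts <= 0)`) tests the preference list of whichever server `sslconn->server` points to when the function is called. If registration runs before SNI selects a name-based vhost, which the hunk does not show, a vhost that sets SSLALPNPreference behind a default server that does not would be declined here. `ssl_alpn_pref` is also dereferenced without a NULL check, so confirm it is always allocated when the config is created. A comment such as `/* ALPN is opt-in: decline unless SSLALPNPreference lists at least one protocol for this server */` above the check would record the intent. The function body continues past the end of the hunk.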
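Review bot: In ssl_init_ctx_callbacks the added condition reads `s->ssl_alpn_pref->nelts`, but the hunk header shows `s` as a `server_rec *`. The mod_ssl.c hunk reaches the same field through `sc->server`, so this line most likely does not compile as written. Going through the server config the same way, `if (mySrvConfig(s)->server->ssl_alpn_pref->nelts > 0) {`, would keep the two checks consistent. The rest of the signature is cut off in the hunk header, so if a context parameter is already in scope and is the one `ctx` belongs to, use that instead. Either way both hunks should test the same list, otherwise the select callback and the registration path can disagree about whether ALPN is enabled.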