On Wed, Jun 3, 2015 at 3:43 PM, Stefan Eissing <stefan.eiss...@greenbytes.de> wrote: > Hmm, personally, I do not like redundant configurations. If someone > configures a module, like mod_h2, to be enabled (H2Engine on), she could > expect the module to take all the necessary steps. So I am no fan of a > „SSLAlpnEnable“.
Neither do I, but we can't break non-http/2 configurations with "modern" browsers. If "http/1.1" is a MUST in the clients' protocols there is no issue here... > > As to the "check for sc->server->ssl_alpn_pref->nelts“ that is very much > depending on the order of hooks. > In the case of mod_h2, registering for alpn happens in pre connection hooks > and those run *after* mod_ssl pre_connection hook, I am pretty sure. Well, ssl_alpn_pref is initialized at config time, so it should always be filled at connection time (unlike sslconn->{alpn_proposefns,alpn_negofns}). This means enabling ALPN only if SSLALPNPreference is used.