On Wed, Jun 3, 2015 at 3:43 PM, Stefan Eissing
<[email protected]> wrote:
> Hmm, personally, I do not like redundant configurations. If someone
> configures a module, like mod_h2, to be enabled (H2Engine on), she could
> expect the module to take all the necessary steps. So I am no fan of a
> „SSLAlpnEnable“.
Neither do I, but we can't break non-http/2 configurations with
"modern" browsers.
If "http/1.1" is a MUST in the clients' protocols there is no issue here...
>
> As to the "check for sc->server->ssl_alpn_pref->nelts“ that is very much
> depending on the order of hooks.
> In the case of mod_h2, registering for alpn happens in pre connection hooks
> and those run *after* mod_ssl pre_connection hook, I am pretty sure.
Well, ssl_alpn_pref is initialized at config time, so it should always
be filled at connection time (unlike
sslconn->{alpn_proposefns,alpn_negofns}).
This means enabling ALPN only if SSLALPNPreference is used.
