That is why mod_h2 allowe "H2Engine on|off" on base server and vhosts. If I 
understand you correctly, this does what you ask for. 

//Stefan



> Am 03.06.2015 um 19:45 schrieb William A Rowe Jr <wr...@rowe-clan.net>:
> 
>> On Wed, Jun 3, 2015 at 8:43 AM, Stefan Eissing 
>> <stefan.eiss...@greenbytes.de> wrote:
>> Hmm, personally, I do not like redundant configurations. If someone 
>> configures a module, like mod_h2, to be enabled (H2Engine on), she could 
>> expect the module to take all the necessary steps. So I am no fan of a 
>> „SSLAlpnEnable“.
> 
> The reason boils down to vhosts and interop.  If someone does not wish
> for a specific vhost (perhaps interacting with bad clients, or created for
> backwards compatibility) to respond with a feature, it is useful to have
> a fine-grained toggle.  The default -could- be 'enabled', although this
> probably should not happen on the stable/maintenance branches, but 
> simply on the future release branch, to avoid surprises.
> 
> OpenSSL does the wrong thing in some cases with respect to TLS/SNI
> and my current patch development - in some respect - is backing out
> that callback change for customers who have been burned by this
> specific nonsense.  You should reconsider absolutist behaviors, 
> because they make it much harder for people to inject 'experimental' 
> behaviors into specific hosts.
> 
> 

Reply via email to