On Thu, Jun 4, 2015 at 2:39 PM, Yann Ylavic <[email protected]> wrote:
> On Thu, Jun 4, 2015 at 2:30 PM, Eric Covener <[email protected]> wrote:
>>
>> On Thu, Jun 4, 2015 at 8:08 AM Yann Ylavic <[email protected]> wrote:
>>>
>>> I think what makes the thing a bit awkward is that the
>>> negotiable/preferred ALPN identifiers (protocols) are configurable in
>>> both httpd (SSLAlpnPreference) and mod_h2 (hard coded).
>>> The former is only a hint while the latter is the real proposal to the
>>> client (with the fall back to "http/1.1").
>>>
>>> Maybe it would be cleaner to let the modules register the ALPN
>>> identifiers (at configure time, with another optional function), and
>>> get rid of SSLAlpnPreference on mod_ssl side.
>>> If no identifier is registered, mod_ssl won't register the ALPN
>>> callback either, so that httpd continues to work without ALPN when not
>>> needed.
>>>
>> I think we need SSLAlpnPreference any time modules register ALPN protocols,
>> otherwise the admin has no control over which is negotiated. I don't think
>> we should rip it out.
>
> OK, so it should probably be renamed SSLAlpnIDs or similar, and be
> more than just a hint when configured (i.e. refuse connection if no
> client ALPN ID matches).

I meant fall back to "http/1.1" still, not refuse the connection.
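
The selection rule discussed in this thread (an administrator-ordered list of ALPN IDs, fall back to "http/1.1" when the client offers none of them, no ALPN handling when nothing is configured), as an added example that is not part of the thread and is not mod_ssl code. `alpn_select`, `alpn_offered`, `PREFS` and the sample offers are hypothetical names, and the offers are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ALPN_FALLBACK "http/1.1"

/* Constructed samples in ALPN wire format (1-byte length, then the ID). */
static const unsigned char OFFER_H2[]   = "\x08http/1.1\x02h2";
static const unsigned char OFFER_SPDY[] = "\x06spdy/3";
static const unsigned char OFFER_BAD[]  = "\x05h2";  /* length overruns */
/* Hypothetical admin-ordered list, standing in for the directive's value. */
static const char *const PREFS[] = { "h2", "http/1.1" };

/* 1 if id is in the client's list, 0 if not, -1 if the list is malformed.
 * Always walks the whole list so a bad entry is never skipped over. */
static int alpn_offered(const unsigned char *wire, size_t len, const char *id)
{
    size_t id_len = strlen(id), i = 0;
    int found = 0;
    while (i < len) {
        size_t n = wire[i++];
        if (n == 0 || n > len - i)
            return -1;           /* empty ID or length past the buffer */
        if (n == id_len && memcmp(wire + i, id, n) == 0)
            found = 1;
        i += n;
    }
    return found;
}

/* Returns the negotiated ID, the fallback when nothing matches, or NULL when
 * no IDs are configured (no ALPN handling) or the client list is malformed. */
const char *alpn_select(const unsigned char *wire, size_t len,
                        const char *const *prefs, size_t n_prefs)
{
    if (n_prefs == 0 || len == 0)
        return NULL;
    for (size_t p = 0; p < n_prefs; p++) {
        int r = alpn_offered(wire, len, prefs[p]);
        if (r < 0)
            return NULL;
        if (r > 0)
            return prefs[p];     /* server-side order decides, not the client's */
    }
    return ALPN_FALLBACK;        /* no common ID: continue as plain HTTP/1.1 */
}

int main(void) {
    const char *id = alpn_select(OFFER_SPDY, sizeof OFFER_SPDY - 1, PREFS, 2);
    printf("%s\n", id ? id : "(none)");
    return 0;
}
```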
