On Fri, Jun 11, 2021 at 12:46 PM <[email protected]> wrote: > > Author: icing > Date: Fri Jun 11 10:45:25 2021 > New Revision: 1890693 > > URL: http://svn.apache.org/viewvc?rev=1890693&view=rev > Log: > *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) > connections. If ALPN protocols are provided and sent to the > remote server, the received protocol selected is inspected > and checked for a match. Without match, the peer handshake > fails. > An exception is the proposal of "http/1.1" where it is > accepted if the remote server did not answer ALPN with > a selected protocol. This accomodates for hosts that do > not observe/support ALPN and speak http/1.x be default.
While mod_proxy_http2 sets "proxy-request-alpn-protos", I don't think that mod_proxy_http does. Should it set "http/1.1" such that if the backend returns something other than "http/1.1" or empty we fail the negotiation there too? Cheers; Yann.
