Hi Lukas, On Sun, Sep 02, 2018 at 11:55:29AM +0200, Lukas Tribus wrote: > Ok. I think with OpenSSL 1.1.1 we may be able to configure ALPN > differently for RSA vs ECC certificates (of the same hostname), so by > not enabling h2 on RSA certificates, we basically disable H2 for > Chrome on Windows XP (Chrome using Microsoft's schannel supporting > only RSA on XP). Chrome on Windows Vista would still be broken (as > schannel on Vista supports ECC certificates), but the market share of > Vista is probably negligible. This should help those that cannot break > this unsupported browser/OS combination and still want to use H2. It's > just a theory though at the moment, I need to test it.
I like the idea very much! That's indeed something that could be interesting to study. I even think there's nothing about it that cannot be done with 1.0.2, it would deserve a test! Cheers, Willy
