On Sun, Sep 02, 2018 at 09:24:33PM +0200, Lukas Tribus wrote: > Hello, > > > On Sun, 2 Sep 2018 at 17:24, Willy Tarreau <w...@1wt.eu> wrote: > > > > Hi Lukas, > > > > On Sun, Sep 02, 2018 at 11:55:29AM +0200, Lukas Tribus wrote: > > > Ok. I think with OpenSSL 1.1.1 we may be able to configure ALPN > > > differently for RSA vs ECC certificates (of the same hostname), so by > > > not enabling h2 on RSA certificates, we basically disable H2 for > > > Chrome on Windows XP (Chrome using Microsoft's schannel supporting > > > only RSA on XP). Chrome on Windows Vista would still be broken (as > > > schannel on Vista supports ECC certificates), but the market share of > > > Vista is probably negligible. This should help those that cannot break > > > this unsupported browser/OS combination and still want to use H2. It's > > > just a theory though at the moment, I need to test it. > > > > I like the idea very much! That's indeed something that could be > > interesting to study. I even think there's nothing about it that > > cannot be done with 1.0.2, it would deserve a test! > > I tried it and it works fine, crt-list looking like this: > /etc/private/ssl/sitecert-rsa.pem [alpn http/1.1] > /etc/private/ssl/sitecert-ecc.pem [alpn h2,http/1.1] > > However, openssl 1.1.1 (or boringssl) is required for this, also see > commit 84e417d85934 ("MINOR: ssl: support Openssl 1.1.1 early callback > for switchctx"). I doubt this can be done with older openssl.
Ah, I guess it's related to the fact that both carry the same name and only differ by the key algorithm. Anyway that's a very interesting approach, I think it would be worth writing an article about it somewhere. Cheers, Willy