On Sun, Sep 02, 2018 at 09:24:33PM +0200, Lukas Tribus wrote:
> Hello,
> 
> 
> On Sun, 2 Sep 2018 at 17:24, Willy Tarreau <w...@1wt.eu> wrote:
> >
> > Hi Lukas,
> >
> > On Sun, Sep 02, 2018 at 11:55:29AM +0200, Lukas Tribus wrote:
> > > Ok. I think with OpenSSL 1.1.1 we may be able to configure ALPN
> > > differently for RSA vs ECC certificates (of the same hostname), so by
> > > not enabling h2 on RSA certificates, we basically disable H2 for
> > > Chrome on Windows XP (Chrome using Microsoft's schannel supporting
> > > only RSA on XP). Chrome on Windows Vista would still be broken (as
> > > schannel on Vista supports ECC certificates), but the market share of
> > > Vista is probably negligible. This should help those that cannot break
> > > this unsupported browser/OS combination and still want to use H2. It's
> > > just a theory though at the moment, I need to test it.
> >
> > I like the idea very much! That's indeed something that could be
> > interesting to study. I even think there's nothing about it that
> > cannot be done with 1.0.2, it would deserve a test!
> 
> I tried it and it works fine, crt-list looking like this:
> /etc/private/ssl/sitecert-rsa.pem [alpn http/1.1]
> /etc/private/ssl/sitecert-ecc.pem [alpn h2,http/1.1]
> 
> However, openssl 1.1.1 (or boringssl) is required for this, also see
> commit 84e417d85934 ("MINOR: ssl: support Openssl 1.1.1 early callback
> for switchctx"). I doubt this can be done with older openssl.

Ah, I guess it's related to the fact that both carry the same name and
only differ by the key algorithm. Anyway that's a very interesting
approach, I think it would be worth writing an article about it
somewhere.

Cheers,
Willy
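The crt-list lines quoted above pair one hostname with two certificates and give each its own ALPN option. The following is an added example (not code from the thread or from HAProxy) that parses crt-list entries of that shape into structured records, so an operator can audit which certificate files advertise h2 before reloading. It assumes the common bracketed-option layout (`<certfile> [opt arg ...] [sni-filter ...]`) and a small, assumed subset of options that take an argument; the sample file content is constructed.

```python
"""Parse HAProxy crt-list entries and report which certificates advertise h2.

Added example; the option table below is an assumption covering the
entries used in the thread, not the full set HAProxy accepts.
"""

# crt-list options assumed to take exactly one argument inside [ ... ].
OPTS_WITH_ARG = {"alpn", "npn", "ciphers", "curves", "ecdhe",
                 "verify", "ca-file", "crl-file"}

# Constructed sample mirroring the thread's crt-list, plus one entry
# with SNI filters to exercise that part of the format.
SAMPLE_CRT_LIST = """\
# same hostname, two certificates, ALPN chosen per key type
/etc/private/ssl/sitecert-rsa.pem [alpn http/1.1]
/etc/private/ssl/sitecert-ecc.pem [alpn h2,http/1.1]
/etc/private/ssl/other.pem [alpn h2,http/1.1] other.example.com !legacy.example.com
"""


def parse_crt_list(text):
    """Return a list of dicts: cert path, options, SNI filters, ALPN list."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        options, filters = {}, []
        if "[" in line:
            cert, rest = line.split("[", 1)
            opt_str, tail = rest.split("]", 1)
            toks = opt_str.split()
            i = 0
            while i < len(toks):
                key = toks[i]
                if key in OPTS_WITH_ARG:
                    if i + 1 >= len(toks):
                        raise ValueError(f"option {key!r} missing its argument")
                    options[key] = toks[i + 1]
                    i += 2
                else:
                    options[key] = True   # flag-style option, no argument
                    i += 1
            filters = tail.split()
        else:
            parts = line.split()
            cert, filters = parts[0], parts[1:]
        alpn = options["alpn"].split(",") if "alpn" in options else []
        entries.append({"cert": cert.strip(), "options": options,
                        "filters": filters, "alpn": alpn})
    return entries


def h2_certs(entries):
    """Certificate files that advertise h2 via their per-entry ALPN."""
    return [e["cert"] for e in entries if "h2" in e["alpn"]]


if __name__ == "__main__":
    for e in parse_crt_list(SAMPLE_CRT_LIST):
        print(e["cert"], "alpn=" + ",".join(e["alpn"]), "filters=" + " ".join(e["filters"]))
    print("h2 on:", h2_certs(parse_crt_list(SAMPLE_CRT_LIST)))
```

Run against a real crt-list file by reading it into `parse_crt_list`; the h2 list is the set of certificates a client can negotiate HTTP/2 on, so on a two-certificate hostname the RSA file should be absent from it.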