[jira] [Updated] (TS-3152) We offer up H2-14 on current master, even when it's not working / supported
[ https://issues.apache.org/jira/browse/TS-3152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Atsutomo Kotani updated TS-3152: Attachment: TS-3152.diff quickfix We offer up H2-14 on current master, even when it's not working / supported --- Key: TS-3152 URL: https://issues.apache.org/jira/browse/TS-3152 Project: Traffic Server Issue Type: Bug Components: HTTP/2 Reporter: Leif Hedstrom Assignee: Alan M. Carroll Fix For: 5.2.0 Attachments: TS-3152.diff E.g. {code} [root@ats ~]# /usr/local/bin/nghttp -v https://www.ogre.com [ 0.112][NPN] server offers: * spdy/3.1 * spdy/3 * h2-14 * http/1.1 * http/1.0 The negotiated protocol: h2-14 ... [ 0.156] send SETTINGS frame length=0, flags=0x01, stream_id=0 ; ACK (niv=0) [ERROR] Network error Some requests were not processed. total=1, processed=0 {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3060) Attempt to send back a HTTP status code (e.g 408) upon a transaction activity timeout from the client
[ https://issues.apache.org/jira/browse/TS-3060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14181250#comment-14181250 ] ASF subversion and git services commented on TS-3060: - Commit 62ca9ec136ceb396b1d7bdb4e2cec19db3ff9b63 in trafficserver's branch refs/heads/master from [~sudheerv] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=62ca9ec ] [TS-3060]: No need to send 408 on VC_EVENT_EOS or VC_EVENT_ERROR Attempt to send back a HTTP status code (e.g 408) upon a transaction activity timeout from the client - Key: TS-3060 URL: https://issues.apache.org/jira/browse/TS-3060 Project: Traffic Server Issue Type: Improvement Components: Core, HTTP Affects Versions: 4.0.2 Reporter: Sudheer Vinukonda Assignee: Sudheer Vinukonda Labels: yahoo Fix For: 5.2.0 Attachments: TS-3060.diff This bug is similar to TS-3054, but, on the client connection. Currently, when ATS sees a transaction activity timeout on the client connection, it just closes the connection and releases the resources. As long as the socket is still active, it might be better to attempt sending back a HTTP status code to the client. For example, the use case might be a client sending a POST request with content-length, but doesn't send the body. ATS times out and aborts the connection without notifying the client. Even though, the inactivity timeout might indicate that the client connection is dead, it's possible that the body that the client sent was lost somewhere on the network before reaching ATS. It's possible that the status code response may never make it to the client for the same reasons, but, nevertheless, it's worth to give it a try. Some things to keep in mind are if the response headers have already been sent to the client, sending a status code is not possible. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (TS-2417) forward secrecy for non-EC key types
[ https://issues.apache.org/jira/browse/TS-2417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Leif Hedstrom updated TS-2417: -- Assignee: John Eaglesham forward secrecy for non-EC key types Key: TS-2417 URL: https://issues.apache.org/jira/browse/TS-2417 Project: Traffic Server Issue Type: Improvement Components: HTTP, SSL Reporter: Bryan Call Assignee: John Eaglesham Fix For: sometime mod_ssl bug and changes: https://issues.apache.org/bugzilla/show_bug.cgi?id=49559 Discussion on httpd-dev list: http://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3c52358ed1.2070...@velox.ch%3E -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (TS-2417) Add forward secrecy support with DHE (SSL related)
[ https://issues.apache.org/jira/browse/TS-2417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] John Eaglesham updated TS-2417: --- Summary: Add forward secrecy support with DHE (SSL related) (was: forward secrecy for non-EC key types) Add forward secrecy support with DHE (SSL related) -- Key: TS-2417 URL: https://issues.apache.org/jira/browse/TS-2417 Project: Traffic Server Issue Type: Improvement Components: HTTP, SSL Reporter: Bryan Call Assignee: John Eaglesham Fix For: sometime mod_ssl bug and changes: https://issues.apache.org/bugzilla/show_bug.cgi?id=49559 Discussion on httpd-dev list: http://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3c52358ed1.2070...@velox.ch%3E -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-2417) Add forward secrecy support with DHE (SSL related)
[ https://issues.apache.org/jira/browse/TS-2417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14182104#comment-14182104 ] James Peach commented on TS-2417: - Well, since no-one is now running old versions of OpenSSL, is there any need to still do this? Add forward secrecy support with DHE (SSL related) -- Key: TS-2417 URL: https://issues.apache.org/jira/browse/TS-2417 Project: Traffic Server Issue Type: Improvement Components: HTTP, SSL Reporter: Bryan Call Assignee: John Eaglesham Fix For: sometime mod_ssl bug and changes: https://issues.apache.org/bugzilla/show_bug.cgi?id=49559 Discussion on httpd-dev list: http://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3c52358ed1.2070...@velox.ch%3E -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-2417) Add forward secrecy support with DHE (SSL related)
[ https://issues.apache.org/jira/browse/TS-2417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14182128#comment-14182128 ] John Eaglesham commented on TS-2417: I don't think we should require all clients to support ECDHE if they want PFS, and some people may not trust ECDHE. Add forward secrecy support with DHE (SSL related) -- Key: TS-2417 URL: https://issues.apache.org/jira/browse/TS-2417 Project: Traffic Server Issue Type: Improvement Components: HTTP, SSL Reporter: Bryan Call Assignee: John Eaglesham Fix For: sometime mod_ssl bug and changes: https://issues.apache.org/bugzilla/show_bug.cgi?id=49559 Discussion on httpd-dev list: http://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3c52358ed1.2070...@velox.ch%3E -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3152) We offer up H2-14 on current master, even when it's not working / supported
[ https://issues.apache.org/jira/browse/TS-3152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14182298#comment-14182298 ] bettydramit commented on TS-3152: - with ts-3152.diff Test with nghttp nghttp -v https://aaa.verycdn.cn/a.html [ 0.080][NPN] server offers: * http/1.1 * http/1.0 [ERROR] HTTP/2 protocol was not selected. (nghttp2 expects h2-14) [ERROR] Could not connect to the host Some requests were not processed. total=1, processed=0 We offer up H2-14 on current master, even when it's not working / supported --- Key: TS-3152 URL: https://issues.apache.org/jira/browse/TS-3152 Project: Traffic Server Issue Type: Bug Components: HTTP/2 Reporter: Leif Hedstrom Assignee: Alan M. Carroll Fix For: 5.2.0 Attachments: TS-3152.diff E.g. {code} [root@ats ~]# /usr/local/bin/nghttp -v https://www.ogre.com [ 0.112][NPN] server offers: * spdy/3.1 * spdy/3 * h2-14 * http/1.1 * http/1.0 The negotiated protocol: h2-14 ... [ 0.156] send SETTINGS frame length=0, flags=0x01, stream_id=0 ; ACK (niv=0) [ERROR] Network error Some requests were not processed. total=1, processed=0 {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3152) We offer up H2-14 on current master, even when it's not working / supported
[ https://issues.apache.org/jira/browse/TS-3152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14182352#comment-14182352 ] James Peach commented on TS-3152: - -1 on the compile-time HTTP/2 patch. This should just default to off and only be enabled when it is explicitly specified on a port. We offer up H2-14 on current master, even when it's not working / supported --- Key: TS-3152 URL: https://issues.apache.org/jira/browse/TS-3152 Project: Traffic Server Issue Type: Bug Components: HTTP/2 Reporter: Leif Hedstrom Assignee: Alan M. Carroll Fix For: 5.2.0 Attachments: TS-3152.diff E.g. {code} [root@ats ~]# /usr/local/bin/nghttp -v https://www.ogre.com [ 0.112][NPN] server offers: * spdy/3.1 * spdy/3 * h2-14 * http/1.1 * http/1.0 The negotiated protocol: h2-14 ... [ 0.156] send SETTINGS frame length=0, flags=0x01, stream_id=0 ; ACK (niv=0) [ERROR] Network error Some requests were not processed. total=1, processed=0 {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3152) We offer up H2-14 on current master, even when it's not working / supported
[ https://issues.apache.org/jira/browse/TS-3152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14182366#comment-14182366 ] Leif Hedstrom commented on TS-3152: --- Hmmm, I guess I don't understand the issue here. The docs say, and I agree with that, that if I just specify ssl, it'll use all supported protocols. What I had expected to happen is this: 1) If I compile with SPDY enabled, it would then offer SPDY, unless I tell it not to. 2) If I compile it with H2 enabled, it would then offer H2, unless I tell it not to. Having to manually enable these things both at compile time and then again at config time seems annoying at best, and probably even confusing. I'd venture a guess that if you compile with e.g. SPDY support, you want that to be on by default. We offer up H2-14 on current master, even when it's not working / supported --- Key: TS-3152 URL: https://issues.apache.org/jira/browse/TS-3152 Project: Traffic Server Issue Type: Bug Components: HTTP/2 Reporter: Leif Hedstrom Assignee: Alan M. Carroll Fix For: 5.2.0 Attachments: TS-3152.diff E.g. {code} [root@ats ~]# /usr/local/bin/nghttp -v https://www.ogre.com [ 0.112][NPN] server offers: * spdy/3.1 * spdy/3 * h2-14 * http/1.1 * http/1.0 The negotiated protocol: h2-14 ... [ 0.156] send SETTINGS frame length=0, flags=0x01, stream_id=0 ; ACK (niv=0) [ERROR] Network error Some requests were not processed. total=1, processed=0 {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (TS-3152) We offer up H2-14 on current master, even when it's not working / supported
[ https://issues.apache.org/jira/browse/TS-3152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14182366#comment-14182366 ] Leif Hedstrom edited comment on TS-3152 at 10/24/14 3:08 AM: - Hmmm, I guess I don't understand the issue here. The docs say, and I agree with that, that if I just specify ssl, it'll use all supported protocols. What I had expected to happen is this: 1) If I compile with SPDY enabled, it would then offer SPDY, unless I tell it not to. 1.5) If I don't compile with SPDY, it would never offer SPDY, no matter what the config. 2) If I compile it with H2 enabled, it would then offer H2, unless I tell it not to. 2.5) If I don't compile with H2, it would never offer H2, no matter what the config. Having to manually enable these things both at compile time and then again at config time seems annoying at best, and probably even confusing. I'd venture a guess that if you compile with e.g. SPDY support, you want that to be on by default. was (Author: zwoop): Hmmm, I guess I don't understand the issue here. The docs say, and I agree with that, that if I just specify ssl, it'll use all supported protocols. What I had expected to happen is this: 1) If I compile with SPDY enabled, it would then offer SPDY, unless I tell it not to. 2) If I compile it with H2 enabled, it would then offer H2, unless I tell it not to. Having to manually enable these things both at compile time and then again at config time seems annoying at best, and probably even confusing. I'd venture a guess that if you compile with e.g. SPDY support, you want that to be on by default. We offer up H2-14 on current master, even when it's not working / supported --- Key: TS-3152 URL: https://issues.apache.org/jira/browse/TS-3152 Project: Traffic Server Issue Type: Bug Components: HTTP/2 Reporter: Leif Hedstrom Assignee: Alan M. Carroll Fix For: 5.2.0 Attachments: TS-3152.diff E.g. {code} [root@ats ~]# /usr/local/bin/nghttp -v https://www.ogre.com [ 0.112][NPN] server offers: * spdy/3.1 * spdy/3 * h2-14 * http/1.1 * http/1.0 The negotiated protocol: h2-14 ... [ 0.156] send SETTINGS frame length=0, flags=0x01, stream_id=0 ; ACK (niv=0) [ERROR] Network error Some requests were not processed. total=1, processed=0 {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)