Not that anybody has responded yet, but please find an important improvement
over this patch:
-if (hc->addr_conf->http2 && !sscf->h2) {
+if (r->http_version == NGX_HTTP_VERSION_20 && !sscf->h2) {
Full patch (with this improvement included) below:
diff -r 6b6e15bbda92 -r
Following on from the previous thread on this (
http://mailman.nginx.org/pipermail/nginx-devel/2017-June/010079.html ) , and
after discussion with the original author
< hongzhidao at gmail.com > , I'd like to present the patches we are using.
Please note the following improvements /
Hi, Valentin.
Please confirm again, thanks.
diff -r 5e05118678af src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c Mon May 29 23:33:38 2017 +0300
+++ b/src/http/modules/ngx_http_ssl_module.c Fri Jun 09 07:15:50 2017 -0400
@@ -234,6 +234,13 @@
Get it, thanks.
On Fri, Jun 9, 2017 at 7:45 PM, Valentin V. Bartenev
wrote:
> On Friday 09 June 2017 13:40:23 洪志道 wrote:
> > Hi, Valentin.
> >
> > "
> > Also please note that with your patch clients are still able to
> > negotiate HTTP/2 even if nginx doesn't announce it.
> > "
On Friday 09 June 2017 13:40:23 洪志道 wrote:
> Hi, Valentin.
>
> "
> Also please note that with your patch clients are still able to
> negotiate HTTP/2 even if nginx doesn't announce it.
> "
>
> Two points:
> 1. The patch forbids the clients explicitly not support HTTP/2 doing v2 (
>
Hi, Valentin.
"
Also please note that with your patch clients are still able to
negotiate HTTP/2 even if nginx doesn't announce it.
"
Two points:
1. The patch forbids the clients explicitly not support HTTP/2 doing v2 (
ngx_http_v2_init).
How to follow you mean of "with the patch, clients
WRT the below, he H2 RFC includes a new status code to deal with thus, 421:
https://tools.ietf.org/html/rfc7540#section-9.1.2
Client support is poor right no so it'd be good if sending 421 was optional
perhaps.
Cheers
Sent from my iPhone
On 8 Jun 2017, at 18:17, 洪志道
Thanks.
On Fri, Jun 9, 2017 at 1:09 AM, Valentin V. Bartenev
wrote:
> On Friday 09 June 2017 00:08:06 洪志道 wrote:
> > "
> >
> >For "https" resources, connection reuse additionally depends on
> >having a certificate that is valid for the host in the URI. The
> >
On Friday 09 June 2017 00:08:06 洪志道 wrote:
> "
>
>For "https" resources, connection reuse additionally depends on
>having a certificate that is valid for the host in the URI. The
>certificate presented by the server MUST satisfy any checks that the
>client would perform when
"
For "https" resources, connection reuse additionally depends on
having a certificate that is valid for the host in the URI. The
certificate presented by the server MUST satisfy any checks that the
client would perform when forming a new TLS connection for the host
in the URI.
"
On Thursday 08 June 2017 23:19:23 洪志道 wrote:
> It sounds right.
>
> According to the same situation, how does http2 protocol force other
> virtual servers to process certificate (ssl handshake).
>
> Example:
>
> server {
> listen 443 http2;
> a.com;
> ssl_certi;
> }
>
> server
It sounds right.
According to the same situation, how does http2 protocol force other
virtual servers to process certificate (ssl handshake).
Example:
server {
listen 443 http2;
a.com;
ssl_certi;
}
server {
listen 443 http2;
b.com;
ssl_certi;
}
We assume sni is
On Thursday 08 June 2017 12:07:29 洪志道 wrote:
> Hi!
> Now, http2 is enabled globally for 'listen' directive with ip:port.
> It seems it's possible to enable by server with sni, alpn, npn.
> Take a look, please.
>
[..]
How will "sni, alpn, npn" prevent browser from asking other virtual
servers
Sorry for the typo.
diff -r 5e05118678af src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c Mon May 29 23:33:38 2017 +0300
+++ b/src/http/modules/ngx_http_ssl_module.c Wed Jun 07 12:17:34 2017 -0400
@@ -234,6 +234,13 @@
offsetof(ngx_http_ssl_srv_conf_t,
Hi!
Now, http2 is enabled globally for 'listen' directive with ip:port.
It seems it's possible to enable by server with sni, alpn, npn.
Take a look, please.
diff -r 5e05118678af src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c Mon May 29 23:33:38 2017 +0300
+++
15 matches
Mail list logo