I set up an ATS, then enabled SSL and HTTP/2. curl shows ATS works fine, and Chrome 56 shows it uses protocol HTTP 1.1 to connect to ATS. Is there any ALPN / NPN negotiation problem between Chrome and ATS?
How can I serve HTTP/2 for Chrome?

$ curl -vso /dev/null --http2 https://test.yaako.com <<<
* Rebuilt URL to: https://test.yaako.com/
* Trying 118.184.176.21...
* TCP_NODELAY set
* Connected to test.yaako.com (118.184.176.21) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /usr/local/etc/openssl/cert.pem
  CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [129 bytes data]
* NPN, negotiated HTTP2 (h2)
{ [5 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2471 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
{ [42 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
} [7 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
} [36 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=test.yaako.com
* start date: Mar 12 01:50:00 2017 GMT
* expire date: Jun 10 01:50:00 2017 GMT
* subjectAltName: host "test.yaako.com" matched cert's "test.yaako.com"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x7fc19c801600)
} [5 bytes data]
> GET / HTTP/2
> Host: test.yaako.com
> User-Agent: curl/7.53.1
> Accept: */*
>
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
< HTTP/2 200
< server: nginx/1.10.2
< date: Sun, 12 Mar 2017 09:52:35 GMT
< content-type: text/html
< content-length: 1958
< last-modified: Fri, 03 Mar 2017 04:34:32 GMT
< etag: "58b8f258-7a6"
< accept-ranges: bytes
< age: 0
< via: http/1.1 h118-184-176-21 (ats/6.2.x)
<
{ [5 bytes data]
* Connection #0 to host test.yaako.com left intact

--
Peng Yong
