openssl 1.0.2 will be ready for RHEL 7.4. i can't find a solution to upgrade openssl for centos 7.3 now, as openssl is a base library of the system.
https://bugzilla.redhat.com/show_bug.cgi?id=1276310 On Sun, Mar 12, 2017 at 11:11 PM, Reindl Harald <[email protected]> wrote: > > > Am 12.03.2017 um 15:03 schrieb Masaori Koshiba: >> >> Hi Peng, >> >> If I remember correctly, Chrome stopped NPN support last year. From your >> log, your ATS is using NPN only. >> If you're using OpenSSL, the version could be old. OpenSSL has ALPN >> support from 1.0.2. > > > and RHEL7 has only 1.0.1 > openssl-1.0.1e-60.el7_3.1.x86_64 > > that' why we are running Fedora for nearly everything for a deacde now > because all that LTS stuff becomes way too fast annyoing - it's fine for > storage devices and routers / firewalls and for hosting legacy crap but > that's it > >>> * NPN, negotiated HTTP2 (h2) >>> ALPN, server did not agree to a protocol > > > https://www.ssllabs.com/ssltest/ > >> 2017年3月12日(日) 20:49 彭勇 <[email protected] <mailto:[email protected]>>: >> >> i install 6.2.1 stable version on centos 7. >> >> $ rpm -qa|grep traffic >> trafficserver-6.2.1-2.el7.centos.x86_64 >> >> yes, curl can works fine with http2. and chrome choose http 1.1. >> >> On Sun, Mar 12, 2017 at 6:40 PM, Reindl Harald >> <[email protected] <mailto:[email protected]>> wrote: >> > >> > >> > Am 12.03.2017 um 10:55 schrieb 彭勇: >> >> >> >> i setup a ATS, then enable ssl and http2. >> >> >> >> curl shows ATS works fine. and chrome 56 shows it use protocal http >> >> 1.1 to connect to ATS. is there any ALPN / NPN negotiating problem >> >> between chrome and ATS? >> >> >> >> how can i serve http2 for chrome? >> > >> > >> > i doubt that you need anything to do, at least with ATS 7.0 curl >> don't need >> > any param and choses HTTP2 automatically and so every browser can >> do - maybe >> > your ATS is just outdated? >> > >> > [harry@srv-rhsoft:~]$ curl --head https://www.thelounge.net/ >> > HTTP/2.0 200 >> > date:Sun, 12 Mar 2017 10:38:55 GMT >> > x-dns-prefetch-control:off >> > x-content-type-options:nosniff >> > x-response-time:D=5111 us >> > last-modified:Thu, 03 Sep 2015 09:04:29 GMT >> > expires:Sun, 12 Mar 2017 12:38:55 GMT >> > cache-control:public, proxy-revalidate >> > etag:04ea5ea0c7b43fd2fb3ee18d68b96557 >> > vary:Accept-Encoding,User-Agent >> > content-type:text/html; charset=ISO-8859-1 >> > age:6 >> > content-length:11658 >> >> >> >> -- >> Peng Yong >> > > -- > > Reindl Harald > the lounge interactive design GmbH > A-1060 Vienna, Hofmühlgasse 17 > CTO / CISO / Software-Development > m: +43 676 40 221 40 > p: +43 1 595 3999 33 > http://www.thelounge.net/ -- Peng Yong
