You can always build your own OpenSSL, installed in a separate directory (don't mess with the system OpenSSL). And then tell ATS configure to use that tree. That's what most of us do on the older distros.
-- Leif > On Mar 12, 2017, at 9:18 AM, 彭勇 <[email protected]> wrote: > > openssl 1.0.2 will be ready for RHEL 7.4. > > i can't find a solution to upgrade openssl for centos 7.3 now, as > openssl is a base library of the system. > > https://bugzilla.redhat.com/show_bug.cgi?id=1276310 > >> On Sun, Mar 12, 2017 at 11:11 PM, Reindl Harald <[email protected]> >> wrote: >> >> >>> Am 12.03.2017 um 15:03 schrieb Masaori Koshiba: >>> >>> Hi Peng, >>> >>> If I remember correctly, Chrome stopped NPN support last year. From your >>> log, your ATS is using NPN only. >>> If you're using OpenSSL, the version could be old. OpenSSL has ALPN >>> support from 1.0.2. >> >> >> and RHEL7 has only 1.0.1 >> openssl-1.0.1e-60.el7_3.1.x86_64 >> >> that' why we are running Fedora for nearly everything for a deacde now >> because all that LTS stuff becomes way too fast annyoing - it's fine for >> storage devices and routers / firewalls and for hosting legacy crap but >> that's it >> >>>> * NPN, negotiated HTTP2 (h2) >>>> ALPN, server did not agree to a protocol >> >> >> https://www.ssllabs.com/ssltest/ >> >>> 2017年3月12日(日) 20:49 彭勇 <[email protected] <mailto:[email protected]>>: >>> >>> i install 6.2.1 stable version on centos 7. >>> >>> $ rpm -qa|grep traffic >>> trafficserver-6.2.1-2.el7.centos.x86_64 >>> >>> yes, curl can works fine with http2. and chrome choose http 1.1. >>> >>> On Sun, Mar 12, 2017 at 6:40 PM, Reindl Harald >>> <[email protected] <mailto:[email protected]>> wrote: >>>> >>>> >>>>> Am 12.03.2017 um 10:55 schrieb 彭勇: >>>>> >>>>> i setup a ATS, then enable ssl and http2. >>>>> >>>>> curl shows ATS works fine. and chrome 56 shows it use protocal http >>>>> 1.1 to connect to ATS. is there any ALPN / NPN negotiating problem >>>>> between chrome and ATS? >>>>> >>>>> how can i serve http2 for chrome? >>>> >>>> >>>> i doubt that you need anything to do, at least with ATS 7.0 curl >>> don't need >>>> any param and choses HTTP2 automatically and so every browser can >>> do - maybe >>>> your ATS is just outdated? >>>> >>>> [harry@srv-rhsoft:~]$ curl --head https://www.thelounge.net/ >>>> HTTP/2.0 200 >>>> date:Sun, 12 Mar 2017 10:38:55 GMT >>>> x-dns-prefetch-control:off >>>> x-content-type-options:nosniff >>>> x-response-time:D=5111 us >>>> last-modified:Thu, 03 Sep 2015 09:04:29 GMT >>>> expires:Sun, 12 Mar 2017 12:38:55 GMT >>>> cache-control:public, proxy-revalidate >>>> etag:04ea5ea0c7b43fd2fb3ee18d68b96557 >>>> vary:Accept-Encoding,User-Agent >>>> content-type:text/html; charset=ISO-8859-1 >>>> age:6 >>>> content-length:11658 >>> >>> >>> >>> -- >>> Peng Yong >>> >> >> -- >> >> Reindl Harald >> the lounge interactive design GmbH >> A-1060 Vienna, Hofmühlgasse 17 >> CTO / CISO / Software-Development >> m: +43 676 40 221 40 >> p: +43 1 595 3999 33 >> http://www.thelounge.net/ > > > > -- > Peng Yong
