On 12.03.2017 at 16:21, Leif Hedstrom wrote:
You can always build your own OpenSSL, installed in a separate directory (don't 
mess with the system OpenSSL). And then tell ATS configure to use that tree. 
That's what most of us do on the older distros.

yes, but then you no longer use trafficserver-6.2.1-2.el7.centos.x86_64 as RPM because you have to build ATS also on your own

when the machine is a dedicated proxy you no longer have many reasons using CentOS at all and can at the same time go to a recent ATS version which just overrides the distro packages (dunno what Fedora currently ships as example)

[root@proxy:~]$ rpm -q trafficserver
trafficserver-7.0.0-1.fc24.20170120.rh.x86_64

[root@proxy:~]$ rpm -q --filesbypkg trafficserver
trafficserver             /etc/ld.so.conf.d/trafficserver-x86_64.conf
trafficserver             /etc/trafficserver
trafficserver             /etc/trafficserver/body_factory
trafficserver             /etc/trafficserver/body_factory/default
trafficserver             /etc/trafficserver/body_factory/default/.body_factory_info
trafficserver             /etc/trafficserver/internal
trafficserver             /etc/trafficserver/snapshots
trafficserver             /etc/trafficserver/ssl
trafficserver             /etc/trafficserver/trafficserver-release
trafficserver             /run/trafficserver
trafficserver             /usr/bin/traffic_cop
trafficserver             /usr/bin/traffic_crashlog
trafficserver             /usr/bin/traffic_ctl
trafficserver             /usr/bin/traffic_layout
trafficserver             /usr/bin/traffic_logcat
trafficserver             /usr/bin/traffic_logstats
trafficserver             /usr/bin/traffic_manager
trafficserver             /usr/bin/traffic_server
trafficserver             /usr/bin/traffic_top
trafficserver             /usr/bin/traffic_via
trafficserver             /usr/lib/systemd/system/trafficserver.service
trafficserver             /usr/lib/tmpfiles.d/trafficserver.conf
trafficserver             /usr/lib64/trafficserver
trafficserver             /usr/lib64/trafficserver/libatscppapi.so.7
trafficserver             /usr/lib64/trafficserver/libatscppapi.so.7.0.0
trafficserver             /usr/lib64/trafficserver/libtsconfig.so.7
trafficserver             /usr/lib64/trafficserver/libtsconfig.so.7.0.0
trafficserver             /usr/lib64/trafficserver/libtsmgmt.so.7
trafficserver             /usr/lib64/trafficserver/libtsmgmt.so.7.0.0
trafficserver             /usr/lib64/trafficserver/libtsutil.so.7
trafficserver             /usr/lib64/trafficserver/libtsutil.so.7.0.0
trafficserver             /var/cache/trafficserver
trafficserver             /var/log/trafficserver

On Mar 12, 2017, at 9:18 AM, 彭勇 <[email protected]> wrote:

openssl 1.0.2 will be ready for RHEL 7.4.

i can't find a solution to upgrade openssl for centos 7.3 now, as
openssl is a base library of the system.

https://bugzilla.redhat.com/show_bug.cgi?id=1276310

On Sun, Mar 12, 2017 at 11:11 PM, Reindl Harald <[email protected]> wrote:


On 12.03.2017 at 15:03, Masaori Koshiba wrote:

Hi Peng,

If I remember correctly, Chrome stopped NPN support last year. From your
log, your ATS is using NPN only.
If you're using OpenSSL, the version could be old. OpenSSL has ALPN
support from 1.0.2.


and RHEL7 has only 1.0.1
openssl-1.0.1e-60.el7_3.1.x86_64

that's why we are running Fedora for nearly everything for a decade now
because all that LTS stuff becomes way too fast annoying - it's fine for
storage devices and routers / firewalls and for hosting legacy crap but
that's it

* NPN, negotiated HTTP2 (h2)
ALPN, server did not agree to a protocol


https://www.ssllabs.com/ssltest/

On Sun, Mar 12, 2017 at 20:49, 彭勇 <[email protected]> wrote:

   i install 6.2.1 stable version on centos 7.

   $ rpm -qa|grep traffic
   trafficserver-6.2.1-2.el7.centos.x86_64

   yes, curl can work fine with http2. and chrome chooses http 1.1.

   On Sun, Mar 12, 2017 at 6:40 PM, Reindl Harald <[email protected]> wrote:


On 12.03.2017 at 10:55, 彭勇 wrote:

i set up an ATS, then enabled ssl and http2.

curl shows ATS works fine. and chrome 56 shows it uses protocol http
1.1 to connect to ATS. is there any ALPN / NPN negotiating problem
between chrome and ATS?

how can i serve http2 for chrome?


i doubt that you need anything to do, at least with ATS 7.0 curl doesn't need
any param and chooses HTTP2 automatically and so every browser can do - maybe
your ATS is just outdated?

[harry@srv-rhsoft:~]$ curl --head https://www.thelounge.net/
HTTP/2.0 200
date:Sun, 12 Mar 2017 10:38:55 GMT
x-dns-prefetch-control:off
x-content-type-options:nosniff
x-response-time:D=5111 us
last-modified:Thu, 03 Sep 2015 09:04:29 GMT
expires:Sun, 12 Mar 2017 12:38:55 GMT
cache-control:public, proxy-revalidate
etag:04ea5ea0c7b43fd2fb3ee18d68b96557
vary:Accept-Encoding,User-Agent
content-type:text/html; charset=ISO-8859-1
age:6
content-length:11658
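
The diagnosis reached in this thread (curl gets h2 over NPN, an ALPN-only browser falls back to HTTP/1.1 because the server's OpenSSL is older than 1.0.2) can be checked mechanically. The following is an added example, not part of the original messages and not code from ATS or curl; the function names are hypothetical, the sample traces are constructed from the two curl lines quoted above, and the version check compares upstream version numbers only, so it assumes no distro backport of ALPN.

```python
import re
import socket
import ssl

# Constructed sample: the two curl -v lines quoted in the thread.
TRACE_NPN_ONLY = "* NPN, negotiated HTTP2 (h2)\n* ALPN, server did not agree to a protocol\n"
# Constructed sample: what curl prints when the server does select h2 via ALPN.
TRACE_ALPN = "* ALPN, server accepted to use h2\n"

def classify_curl_trace(trace):
    """Return (alpn_h2, npn_h2) from the TLS lines of `curl -v` output."""
    alpn_h2 = bool(re.search(r"ALPN[,:] server accepted (?:to use )?h2\b", trace))
    npn_h2 = bool(re.search(r"NPN, negotiated HTTP2 \(h2\)", trace))
    return alpn_h2, npn_h2

def alpn_only_client_protocol(trace):
    """Protocol a client without NPN (ALPN only) ends up with."""
    alpn_h2, _ = classify_curl_trace(trace)
    return "h2" if alpn_h2 else "http/1.1"

def openssl_has_alpn(version_text):
    """True if an upstream OpenSSL version string is >= 1.0.2 (first ALPN release).
    Works on `openssl version` output or an RPM name; ignores distro backports."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError("no version number in %r" % version_text)
    return tuple(int(x) for x in m.groups()) >= (1, 0, 2)

def probe_alpn(host, port=443, timeout=5.0):
    """Live check: offer h2 and http/1.1 via ALPN only, return the server's choice
    (None means the server ignored ALPN, as a build against OpenSSL 1.0.1 does)."""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.selected_alpn_protocol()

if __name__ == "__main__":
    print(classify_curl_trace(TRACE_NPN_ONLY), alpn_only_client_protocol(TRACE_NPN_ONLY))
    print(openssl_has_alpn("openssl-1.0.1e-60.el7_3.1.x86_64"))
```

probe_alpn() needs network access to your own proxy; the other functions run offline on pasted curl output or a package name.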
