On Thu, Jun 4, 2015 at 8:08 AM Yann Ylavic <ylavic....@gmail.com> wrote:
> I think what makes the thing a bit awkward is that the > negotiable/preferred ALNP identifiers (protocols) is configurable in > both httpd (SSLAlpnPreference) and mod_h2 (hard coded). > The former is only a hint while the latter is the real proposal to the > client (with the fall back to "http/1.1"). > > Maybe it would be cleaner to let the modules register the ALPN > identifiers (at configure time, with another optional function), and > get rid of SSLAlpnPreference on mod_ssl side. > If no identifier is registered, mod_ssl won't register the ALPN > callback either, so that httpd continues to work without ALPN when not > needed. > > I think we need SSLAlpnPreference any time modules register ALPN protocols, otherwise the admin has no control over whih is negotiated. I don't think we should rip it out.