On Thu, Jun 4, 2015 at 2:30 PM, Eric Covener <cove...@gmail.com> wrote: > > > On Thu, Jun 4, 2015 at 8:08 AM Yann Ylavic <ylavic....@gmail.com> wrote: >> >> I think what makes the thing a bit awkward is that the >> negotiable/preferred ALNP identifiers (protocols) is configurable in >> both httpd (SSLAlpnPreference) and mod_h2 (hard coded). >> The former is only a hint while the latter is the real proposal to the >> client (with the fall back to "http/1.1"). >> >> Maybe it would be cleaner to let the modules register the ALPN >> identifiers (at configure time, with another optional function), and >> get rid of SSLAlpnPreference on mod_ssl side. >> If no identifier is registered, mod_ssl won't register the ALPN >> callback either, so that httpd continues to work without ALPN when not >> needed. >> > I think we need SSLAlpnPreference any time modules register ALPN protocols, > otherwise the admin has no control over whih is negotiated. I don't think > we should rip it out.
OK, so it should probably be renammed SSLAlpnIDs or similar, and be more than just a hint when configured (i.e. refuse connection if no client ALPN ID matches). Modules could then, the other way around, retrieve that list with an optional fn, and do nothing if none matches their aptitude...
