It just needed to get out :) But I agree that since we are to implement the RFC, we must comply, and find a way to still comply with HTTP/1. Both checks on SNI and renegotiation occur in the post_read_request hook, so we should be able to deal with vhost's parameters (configured Protocols, ProtocolTransports...), and do the right thing.

On Tue, Jun 9, 2015 at 12:09 PM, Stefan Eissing <stefan.eiss...@greenbytes.de> wrote:
> Yann, I am with you and feel at least unease about this mixing.
>
> But the RFC has been approved and browsers will adhere to it. So if we do not
> enforce some policies in the server, connections will fail for mysterious
> reasons. And tickets will be raised...
>
>
>> On 09.06.2015 at 12:06, Yann Ylavic <ylavic....@gmail.com> wrote:
>>
>> On Tue, Jun 9, 2015 at 11:21 AM, Stefan Eissing
>> <stefan.eiss...@greenbytes.de> wrote:
>>>
>>> Also from RFC 7540, 9.2.1
>>> "A deployment of HTTP/2 over TLS 1.2 MUST disable renegotiation."
>>>
>>> (Once the h2 session is established, renegotiation may appear before that.)
>>>
>>> This is all a result of the „securing the web“ thinking where now HTTP and
>>> TLS requirements get interwoven and layers are mixed.
>>
>> <sarcasm>
>> Security by mixing layers, how ironic!
>> Surely HTTP/2 will secure those who want to share private and valuable
>> information (secretly), as to the web...
>> It could have been that, though.
>> </sarcasm>
>>
>> PS: nothing personal Stefan, just about the new protocol I'm trying to
>> digest...
>
> <green/>bytes GmbH
> Hafenweg 16, 48155 Münster, Germany
> Phone: +49 251 2807760. Amtsgericht Münster: HRB5782