What is the penalty of invoking SSL_do_handshake(ssl) on the server side for a new connection? We do this on renegotiate and upgrade cases...
> Am 11.10.2015 um 19:23 schrieb Stefan Eissing <stefan.eiss...@greenbytes.de>: > > >> Am 11.10.2015 um 19:19 schrieb Rainer Jung <rainer.j...@kippdata.de>: >> >> Am 11.10.2015 um 19:08 schrieb Yann Ylavic: >>> On Sun, Oct 11, 2015 at 7:00 PM, Stefan Eissing >>> <stefan.eiss...@greenbytes.de> wrote: >>>> Ok, analyzed the code. Here is what seems to be happening: >>>> >>>> - mod_http2, in the connection hook, does a blocking, speculative read to >>>> a) make sure the ALPN has been triggered >>>> b) check for the magic 24 bytes h2 preface in case H2Direct is on >>>> This works fine for HTTP/1.1 or protocols where the client starts sending >>>> bytes right away. >>>> If the client waits for something from the server first, it gives a >>>> timeout. This seems to be the NNTP case. >>> >>> Does it make any sense to enable h2 on NNTP? >> >> For now I disabled the nntp over ssl test when mod_http2 is loaded (disabled >> in the test file) so that the test suite does not hang. >> >> I guess we don't want to test h2 and NNTP on the same requests, but it would >> be ideal, if the modules would not disturb each other, if they serve >> different vhosts in the same Apache. If that's not possible and doesn't >> actually indicate a bigger problem, I'm personally fine with that >> incompatibility with protocols that show "server sends first" behavior. > > Agreed. What we need is a way to make sure that any ALPN handling is done for > later connection hooks. Then mod_http2 will only need to sniff when H2Direct > is enabled.