Tom, On 11/4/19 16:05, Tom (AST) Watson wrote: > Well, I thought it would be "easy", but maybe not. I have an > application (#1) that uses http2, and isn't encrypted. No problem > here. Now I have another application (#2) that insists on using > https to talk to application #1. So I gleefully setup stunnel to > connect the two. Well, application #2 starts talking to stunnel with > a "Client Hello" packet, and it includes an extension "Application > Layer Protocol Extension" of "h2".
This is called ALPN, and is a requirement for h2s. > While not versed in the minutia, I take this that the client > (application #2) wants to talk "http2" to the server (application > #1). Yep, pretty much. > OK, that is what I want. The problem is that stunnel doesn't > respond with ANY "Application Layer Protocol Extension" indicating > acceptance of this request in its "server hello". This means that > application #2 fails in its negotiation. No joy! > > Now I know that application #1 will nicely talk http2, but how do I > get stunnel to communicate this to application #2 (as encrypted > http2). Am I missing something in my (pretty simple) configuration > file? I can't find any references to stunnel supporting ALPN. You may be (temporarily) out of luck, at least with stunnel. You mentioned that app #2 insists on encryption (great, usually). Is there a requirement that it use h2? Or can it be configured to use HTTP/1.1? -chris
signature.asc
Description: OpenPGP digital signature
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
