On 28/04/2016 16:31, Rémy Maucherat wrote:
> 2016-04-28 17:14 GMT+02:00 Mark Thomas <ma...@apache.org>:
> 
>> I've done some investigation. It looks like something is going wrong in
>> the native connector. It should be failing the connection on the basis that
>> there is no matching ALPN protocol. For some reason, the protocol specified
>> by the client is returned.
>>
>> I've been through the code and it appears to be ok. I need to add some
>> debugging to figure out what is going on.
>>
> Unknown protocols could be handled as HTTP/1.1, end of story. The current
> error is too verbose, it could probably be used to create a huge amount of
> log with only a connection attempt.

tomcat-native provides two options for handling this case.

1. Use the last protocol specified by the server (HTTP/1.1 in this case)
2. Fail the TLS handshake

The ALPN spec says 2 should happen.

Unfortunately OpenSSL doesn't support failing the handshake and won't
until 1.1.0.

Whatever we do here is going to be a hack until we can depend on OpenSSL
1.1.0. I'm leaning towards closing the connection with the log message
dropped to debug level.

Once OpenSSL does the right thing, we can restore the error message since
it will then correctly indicate some form of bug.

Mark
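
The two no-match behaviours listed in the message above, as an added example that is not part of the original e-mail and is not tomcat-native or OpenSSL code: a stand-alone C selector over the RFC 7301 ProtocolNameList wire format. The policy and result names and the sample lists are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names mirroring options 1 and 2 from the message above. */
enum alpn_policy { ALPN_FALLBACK_LAST, ALPN_FAIL_HANDSHAKE };
enum alpn_result { ALPN_OK, ALPN_NO_OVERLAP_FALLBACK, ALPN_FATAL_ALERT, ALPN_MALFORMED };

/* Constructed sample lists: each name is prefixed by its 1-byte length. */
const unsigned char SRV_LIST[]    = {2,'h','2', 8,'h','t','t','p','/','1','.','1'};
const unsigned char CLI_UNKNOWN[] = {3,'f','o','o'};
const unsigned char CLI_BOTH[]    = {8,'h','t','t','p','/','1','.','1', 2,'h','2'};
const unsigned char CLI_BAD[]     = {5,'h','2'};   /* length runs past the buffer */

/* A valid list is non-empty and made only of non-empty names that fit. */
static int alpn_list_valid(const unsigned char *l, size_t n) {
    size_t i = 0;
    if (n == 0) return 0;
    while (i < n) {
        size_t len = l[i];
        if (len == 0 || len > n - i - 1) return 0;
        i += 1 + len;
    }
    return 1;
}

/* Server-preference selection: the first server name the client also offered.
 * With no overlap the policy decides; on success *out points into srv. */
enum alpn_result alpn_select(const unsigned char *srv, size_t srv_n,
                             const unsigned char *cli, size_t cli_n,
                             enum alpn_policy policy,
                             const unsigned char **out, size_t *out_len) {
    size_t i, j, last = 0;
    *out = NULL; *out_len = 0;
    if (!alpn_list_valid(srv, srv_n) || !alpn_list_valid(cli, cli_n))
        return ALPN_MALFORMED;
    for (i = 0; i < srv_n; i += 1 + srv[i]) {
        last = i;
        for (j = 0; j < cli_n; j += 1 + cli[j]) {
            if (srv[i] == cli[j] && memcmp(srv + i + 1, cli + j + 1, srv[i]) == 0) {
                *out = srv + i + 1; *out_len = srv[i];
                return ALPN_OK;
            }
        }
    }
    if (policy == ALPN_FAIL_HANDSHAKE)
        return ALPN_FATAL_ALERT;  /* caller sends no_application_protocol (120) */
    *out = srv + last + 1; *out_len = srv[last];   /* option 1: last server entry */
    return ALPN_NO_OVERLAP_FALLBACK;
}
```

Returning a distinct result for the fallback case lets the caller log it at debug level without treating it as a successful negotiation.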

