Changeset 0bed0a0 in mod_gnutls
- Timestamp: Nov 7, 2018, 12:55:41 PM (2 years ago)
- Branches: asyncio, debian/master, master, proxy-ticket
- Children: dcaba46
- Parents: a939015
- Files: 2 edited
CHANGELOG
ra939015 r0bed0a0 20 20 mod_socache. Users may need to update their GnuTLSCache settings and 21 21 load the appropriate socache modules. 22 - Known issue: ALPN (required for HTTP/2) works correctly only if all 23 virtual hosts using mod_gnutls share the same Protocols setting, 24 reported by Vincent Tamet. 22 - ALPN (required for HTTP/2) now works correctly with different 23 "Protocols" directives between virtual hosts if building with GnuTLS 24 3.6.3 or newer. Older versions require identical "Protocols" 25 directives for overlapping virtual hosts. Thanks to Vincent Tamet 26 for the bug report! 25 27 - GnuTLSPriorities is optional now and defaults to "NORMAL" if 26 28 missing. The same applies to GnuTLSProxyPriorities (if TLS proxy is -
doc/mod_gnutls_manual.mdwn
ra939015 r0bed0a0 51 51 -------------- 52 52 53 HTTP/2 is supported with `mod_gnutls` but works correctly only if all 54 virtual hosts using `mod_gnutls` share the same `Protocols` 55 setting. This will be fixed in a future release, but will likely 56 require GnuTLS 3.6 or later. 53 HTTP/2 is supported with `mod_gnutls`. However, full support requires 54 compiling with GnuTLS 3.6.3 or later. When using lower versions all 55 virtual hosts using `mod_gnutls` with overlapping IP/port combinations 56 need to use identical `Protocols` directives for protocol negotiation 57 to work correctly. 57 58 58 59 The technical reason is that using HTTP/2 requires ALPN (Application 59 60 Layer Protocol Negotiation) to be set up before GnuTLS parses the TLS 60 61 ClientHello message, but earlier hooks cannot use 61 `gnutls_server_name_get()` to retrieve SNI data for virtual host 62 selection. 62 `gnutls_server_name_get()` to retrieve SNI (Server Name Indication) 63 data for virtual host selection. Because of this `mod_gnutls` provides 64 its own early SNI parser, which requires the `gnutls_ext_raw_parse()` 65 function introduced in GnuTLS 3.6.3 to retrieve the extension data in 66 a *pre* client hello hook. 63 67 64 68 * * * * * … … 739 743 ----------------------------------------- 740 744 741 `mod_gnutls` supports "Server Name Indication", as specified in [RFC742 6066, Section 3](https://tools.ietf.org/html/rfc6066#section-3). This 743 allows hosting many TLS websites with a single IP address, you can 744 just add the virtual host conigurations. All recent browsers support745 `mod_gnutls` supports Server Name Indication (SNI), as specified in 746 [RFC 6066, Section 3](https://tools.ietf.org/html/rfc6066#section-3). 747 This allows hosting many TLS websites with a single IP address, you 748 can just add virtual host configurations. All recent browsers support 745 749 this standard. 
Here is an example using SNI: 746 750 … … 777 781 GnuTLSCertificateFile conf/tls/site3.crt 778 782 GnuTLSKeyFile conf/tls/site3.key 783 # Enable HTTP/2. With GnuTLS before version 3.6.3 all 784 # virtual hosts in this example would have to share this 785 # directive to work correctly. 786 Protocols h2 http/1.1 779 787 </VirtualHost> 780 788
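Review bot: The CHANGELOG entry says older versions need identical "Protocols" directives for "overlapping virtual hosts" without saying what overlapping means, while the manual hunk defines it as virtual hosts "with overlapping IP/port combinations". Suggest using the manual's wording in the CHANGELOG as well, so an administrator building against GnuTLS older than 3.6.3 can tell from the release notes alone which hosts have to share the directive.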
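Review bot: In the HTTP/2 section of doc/mod_gnutls_manual.mdwn, the new paragraph says protocol negotiation will not "work correctly" on older GnuTLS when `Protocols` directives differ, but it never states what the administrator will observe in that case. Suggest adding one sentence on the symptom, and one on how the new early SNI parser behaves when the ClientHello carries no SNI extension or a malformed one, since that parser now decides which virtual host's `Protocols` apply before GnuTLS has parsed the message. Minor: "lower versions" here reads as "Older versions" in the CHANGELOG; pick one.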
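Review bot: In the Server Name Indication paragraph, the rewritten sentence "This allows hosting many TLS websites with a single IP address, you can just add virtual host configurations." keeps the comma splice from the old text. Since the line is being touched anyway, suggest splitting it into two sentences or joining the clauses with a semicolon.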
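Review bot: In the SNI example, `Protocols h2 http/1.1` is added only to the site3 virtual host, and the new comment admits that with GnuTLS before 3.6.3 all virtual hosts in the example would have to share it, so a reader on an older GnuTLS who copies the example as shown gets a configuration the comment itself describes as not working correctly. Suggest having the comment say what to do in that case, for instance repeating the directive in each `<VirtualHost>` or setting `Protocols` once at server scope, rather than only stating the constraint.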