Changeset f51d359 in mod_gnutls

Timestamp:

Jan 25, 2020, 4:15:44 PM (3 years ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

asyncio, main, master, proxy-ticket

Children:

8daef10

Parents:

e819f13

Message:

Remove obsolete restrictions on HTTP/2 from documentation

GnuTLS versions before 3.6.3 aren't supported by mod_gnutls any more,
so restrictions applying only to older versions are irrelevant.

File:

• doc/mod_gnutls_manual.md (modified) (2 diffs)

doc/mod_gnutls_manual.md

@@ -61 +61 @@
 configuration other than a [certificate chain](#gnutlscertificatefile)
 with OCSP support.
-
-Note on HTTP/2
---------------
-
-HTTP/2 is supported with `mod_gnutls`. However, full support requires
-compiling with GnuTLS 3.6.3 or later. When using lower versions all
-virtual hosts using `mod_gnutls` with overlapping IP/port combinations
-need to use identical `Protocols` directives for protocol negotiation
-to work correctly.
-
-The technical reason is that using HTTP/2 requires ALPN (Application
-Layer Protocol Negotiation) to be set up before GnuTLS parses the TLS
-ClientHello message, but earlier hooks cannot use
-`gnutls_server_name_get()` to retrieve SNI (Server Name Indication)
-data for virtual host selection. Because of this `mod_gnutls` provides
-its own early SNI parser, which requires the `gnutls_ext_raw_parse()`
-function introduced in GnuTLS 3.6.3 to retrieve the extension data in
-a *pre* client hello hook.
-
-During build `./configure` will report "Early SNI: yes" if your
-version of GnuTLS is new enough.
 
 * * * * *
@@ -831 +810 @@
         GnuTLSCertificateFile conf/tls/site3.crt
         GnuTLSKeyFile conf/tls/site3.key
-        # Enable HTTP/2. With GnuTLS before version 3.6.3 all
-        # virtual hosts in this example would have to share this
-        # directive to work correctly.
+        # Enable HTTP/2
         Protocols h2 http/1.1
 </VirtualHost>