diff options
author | Stefan Eissing <icing@apache.org> | 2021-09-03 13:28:01 +0000 |
---|---|---|
committer | Stefan Eissing <icing@apache.org> | 2021-09-03 13:28:01 +0000 |
commit | 7e2e41a4215c9e2a0f20da8859c1e89af2e1c5d7 (patch) | |
tree | cdf108f6867253ee0fd66ec9f0473baec10664f7 /changes-entries | |
parent | 08cb85cd0399abdff38a34c9f700158b7bb73691 (diff) | |
download | httpd-7e2e41a4215c9e2a0f20da8859c1e89af2e1c5d7.tar.gz |
Merge of r1890693,r1890696 from trunk:
mod_ssl: tighten the handling of ALPN for outgoing (proxy)
connections. If ALPN protocols are provided and sent to the
remote server, the received protocol selected is inspected
and checked for a match. Without match, the peer handshake
fails.
An exception is the proposal of "http/1.1" where it is
accepted if the remote server did not answer ALPN with
a selected protocol. This accomodates for hosts that do
not observe/support ALPN and speak http/1.x be default.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1892869 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'changes-entries')
-rw-r--r-- | changes-entries/ssl_alpn_outgoing.txt | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/changes-entries/ssl_alpn_outgoing.txt b/changes-entries/ssl_alpn_outgoing.txt new file mode 100644 index 0000000000..0b16193ec8 --- /dev/null +++ b/changes-entries/ssl_alpn_outgoing.txt @@ -0,0 +1,9 @@ + *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) + connections. If ALPN protocols are provided and sent to the + remote server, the received protocol selected is inspected + and checked for a match. Without match, the peer handshake + fails. + An exception is the proposal of "http/1.1" where it is + accepted if the remote server did not answer ALPN with + a selected protocol. This accomodates for hosts that do + not observe/support ALPN and speak http/1.x be default.
\ No newline at end of file |