Merge of r1890693,r1890696 from trunk:

mod_ssl: tighten the handling of ALPN for outgoing (proxy)
     connections. If ALPN protocols are provided and sent to the
     remote server, the received protocol selected is inspected
     and checked for a match. Without match, the peer handshake
     fails.
     An exception is the proposal of "http/1.1" where it is
     accepted if the remote server did not answer ALPN with
     a selected protocol. This accomodates for hosts that do
     not observe/support ALPN and speak http/1.x be default.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1892869 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 9 insertions, 0 deletions

diff --git a/changes-entries/ssl_alpn_outgoing.txt b/changes-entries/ssl_alpn_outgoing.txt
new file mode 100644
index 0000000000..0b16193ec8
--- /dev/null
+++ b/changes-entries/ssl_alpn_outgoing.txt
@@ -0,0 +1,9 @@
+  *) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
+     connections. If ALPN protocols are provided and sent to the
+     remote server, the received protocol selected is inspected
+     and checked for a match. Without match, the peer handshake
+     fails.
+     An exception is the proposal of "http/1.1" where it is
+     accepted if the remote server did not answer ALPN with
+     a selected protocol. This accomodates for hosts that do
+     not observe/support ALPN and speak http/1.x be default.
\ No newline at end of file