From 7e2e41a4215c9e2a0f20da8859c1e89af2e1c5d7 Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Fri, 3 Sep 2021 13:28:01 +0000 Subject: Merge of r1890693,r1890696 from trunk: mod_ssl: tighten the handling of ALPN for outgoing (proxy) connections. If ALPN protocols are provided and sent to the remote server, the received protocol selected is inspected and checked for a match. Without match, the peer handshake fails. An exception is the proposal of "http/1.1" where it is accepted if the remote server did not answer ALPN with a selected protocol. This accommodates for hosts that do not observe/support ALPN and speak http/1.x by default. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1892869 13f79535-47bb-0310-9956-ffa450edef68 --- changes-entries/ssl_alpn_outgoing.txt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 changes-entries/ssl_alpn_outgoing.txt (limited to 'changes-entries') diff --git a/changes-entries/ssl_alpn_outgoing.txt b/changes-entries/ssl_alpn_outgoing.txt new file mode 100644 index 0000000000..0b16193ec8 --- /dev/null +++ b/changes-entries/ssl_alpn_outgoing.txt @@ -0,0 +1,9 @@ + *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) + connections. If ALPN protocols are provided and sent to the + remote server, the received protocol selected is inspected + and checked for a match. Without match, the peer handshake + fails. + An exception is the proposal of "http/1.1" where it is + accepted if the remote server did not answer ALPN with + a selected protocol. This accomodates for hosts that do + not observe/support ALPN and speak http/1.x be default. \ No newline at end of file -- cgit v1.2.1
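Review bot: The last two lines of the new changes-entries/ssl_alpn_outgoing.txt carry typos that will end up in the changelog: "accomodates for" should read "accommodates" and "be default" should read "by default". The file also ends without a trailing newline (the "\ No newline at end of file" marker), which is worth adding. On content, "If ALPN protocols are provided" does not say which proxy configuration supplies them, so an operator reading the entry cannot tell whether an existing backend will now fail the handshake; naming the setting would help. It would also be worth stating explicitly that the "http/1.1" exception covers only a peer that returns no ALPN selection, so readers do not assume a mismatched selection is tolerated when "http/1.1" is proposed.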