Nginx 1.9.11 and OpenSSL 1.0.2G - HTTP2, but no ALPN negotiated

I have Ubuntu 14.04 with OpenSSL 1.0.2G.

Upgraded to Nginx 1.9.11 mainline (PPA) from 1.8.1 stable, because Chrome will drop SPDY in a few months. Better be prepared.

Everything went fine, but when I test HTTP2 I notice that ALPN doesn’t work:

No ALPN negotiated

Since I have the latest version of OpenSSL, I have no idea why this is the case.

Hi,

On Ubuntu 14.04 NGINX is built with OpenSSL 1.0.1 so is not built with
ALPN support. If you have installed OpenSSL 1.0.2 you can recompile
NGINX to use this and gain the ALPN support.

In most cases HTTP/2 with NPN in OpenSSL 1.0.1 will work for now.

Kind Regards
Andrew

On 03/03/16 12:32, dannydekr wrote:

Since I have the latest version of OpenSSL, I have no idea why this is the
case.

Posted at Nginx Forum:
Nginx 1.9.11 and OpenSSL 1.0.2G - HTTP2, but no ALPN negotiated.


nginx mailing list
[email protected]
nginx Info Page


Andrew H. (LinuxJedi)
Technical Product Manager, NGINX Inc.
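
The check described in the reply above, as an added example that is not part of the original thread: it reads the OpenSSL version nginx was compiled against from `nginx -V` output and combines it with the ALPN line from `openssl s_client -alpn h2`. The sample outputs are constructed, and `example.com` and the function names are placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. Sample outputs below are constructed.
# Live inputs would come from:
#   nginx -V 2>&1
#   openssl s_client -connect example.com:443 -alpn h2 </dev/null 2>/dev/null

# OpenSSL version nginx was compiled against, e.g. "1.0.1f".
# Prints nothing if no such line exists (this includes LibreSSL builds).
nginx_built_openssl() {
    printf '%s\n' "$1" |
        sed -n 's/^built with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1
}

# Succeeds when the version is 1.0.2 or later, the first OpenSSL with ALPN.
openssl_has_alpn() (
    base=${1%%[a-z]*}                       # 1.0.2g -> 1.0.2
    [ -n "$base" ] || exit 1
    lowest=$(printf '%s\n%s\n' 1.0.2 "$base" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = 1.0.2 ]
)

# Classify s_client output: h2, none, or unknown.
alpn_result() {
    case "$1" in
        *"ALPN protocol: h2"*)  echo h2 ;;
        *"No ALPN negotiated"*) echo none ;;
        *)                      echo unknown ;;
    esac
}

diagnose() (    # $1 = nginx -V output, $2 = s_client output
    built=$(nginx_built_openssl "$1")
    case "$(alpn_result "$2")" in
        h2)   echo "ok: h2 negotiated via ALPN" ;;
        none) if openssl_has_alpn "$built"; then
                  echo "check-config: built with OpenSSL $built, yet no ALPN"
              else
                  echo "rebuild: built with OpenSSL ${built:-unknown}, no ALPN support"
              fi ;;
        *)    echo "unknown: no ALPN line in s_client output" ;;
    esac
)

NGINX_V='built with OpenSSL 1.0.1f 6 Jan 2014 (running with OpenSSL 1.0.2g  1 Mar 2016)
TLS SNI support enabled'
SCLIENT='No ALPN negotiated'
diagnose "$NGINX_V" "$SCLIENT"
```

The "built with" version is the one that decides the outcome here; a newer library reported as "running with" does not add ALPN to a binary compiled without it.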

Hello,

“In most cases HTTP/2 with NPN in OpenSSL 1.0.1 will work for now.”, yes, for now, sadly Google will remove the NPN support in Chrome “soon”: “We plan to remove support for SPDY in early 2016, and to also remove support for the TLS extension named NPN in favor of ALPN in Chrome at the same time. Server developers are strongly encouraged to move to HTTP/2 and ALPN.”.
Source: Chromium Blog: Hello HTTP/2, Goodbye SPDY

That's why we all have to hurry the migration to ALPN by compiling nginx with OpenSSL 1.0.2 or LibreSSL.

PS : I can’t find a good reason for Google to drop support for NPN right now… it feels like last year, when they wanted to drop support of SPDY in Chrome when HTTP/2 was barely standardized and no major web server was HTTP/2 ready.

Best Regards

Hello,

That's why we all have to hurry the migration to ALPN by compiling nginx with
OpenSSL 1.0.2 or LibreSSL.

PS : I can’t find a good reason for Google to drop support for NPN right
now… it feels like last year, when they wanted to drop support of SPDY in
Chrome when HTTP/2 was barely standardized and no major web server was
HTTP/2 ready.

If you need http2 there is always the option to compile your own nginx
binary against a more modern version of OpenSSL than what your operating
system provides, or to change operating systems to one which provides
such an OpenSSL version.

Jim

Hello,

Jim O. Wrote:

If you need http2 there is always the option to compile your own nginx
binary against a more modern version of OpenSSL than what your
operating system provides, or to change operating systems to one which
provides such an OpenSSL version.

Yes, it’s what I’m doing with LibreSSL :)

But HTTP/2 works also very well with NPN and OpenSSL 1.0.1… sadly it’ll be less useful when Google would have dropped support for NPN.

Best Regards

Hello,

Great, thanks Andrew!

Best Regards

Hi,

This link was also shown to me today. I have contacted Google to ask
them to reverse the decision to drop NPN HTTP/2.

Kind Regards
Andrew

On 03/03/16 16:00, Alt wrote:

OpenSSL 1.0.2 or LibreSSL.



Andrew H. (LinuxJedi)
Technical Product Manager, NGINX Inc.