Nginx SPDY: Missing NPN Extension in SSL/TLS Handshake?

alcina · June 9, 2013, 7:10am

Hi guys, I’ve tried setting up CentOS 6.4, Nginx 1.4.1 with Google SPDY
support and used spdycheck.org to check the site and all SPDY checks
pass
except this notice:

Missing NPN Extension in SSL/TLS Handshake

Sorry, but this server is not including an NPN Entension during the
SSL/TLS
handshake. The NPN Extension is an additional part of the SSL/TLS
ServerHello message which allows web servers to tell browsers they
support
additional protocols, like SPDY. SSL/TLS servers that don’t use send the
NPN
Extension cannot use SPDY because they have no way to tell the browser
to
use SPDY instead of HTTP.

What exactly am I missing from Nginx 1.4.1, openssl 1.0.1e and SPDY
setup to
properly satisfy NPN Extension in SSL/TLS handshake ?

Chrome reports SPDY support fine though.

cheers

Posted at Nginx Forum:

George · June 9, 2013, 1:53pm

Hi,

this doesn’t really make sense; NPN is absolutely required for SPDY.

What does the ssllabs test say in “Next Protocol Negotiation”?

Regards,

Lukas

George · June 9, 2013, 2:49pm

According to ssllabs for NPN

Next Protocol Negotiation Yes spdy/2 http/1.1

so spdycheck.org incorrect ?

Posted at Nginx Forum:

George · June 9, 2013, 3:40pm

so spdycheck.org incorrect ?

I guess so. I would suggest to report this to support at zoompf dot com
so they can fix it (or tell what exactly is wrong).

Regards,

Lukas

George · June 10, 2013, 2:42pm

Thanks Lukas for your help

Posted at Nginx Forum: