<div dir="ltr"><div>Hi, <span style="font-size:12.8px">Valentin.</span></div><div><br></div>"<div><span style="font-size:12.8px">Also please note that with your patch clients are still able to</span><br style="font-size:12.8px"><span style="font-size:12.8px">negotiate HTTP/2 even if nginx doesn't announce it.</span></div><div><span style="font-size:12.8px">"</span><br></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Two points:</span></div><div><span style="font-size:12.8px">1. The patch forbids the clients </span><span style="color:rgb(0,0,0);font-size:13px;white-space:nowrap">explicitly not support HTTP/2 doing v2 (</span><font color="#000000"><span style="white-space:nowrap">ngx_http_v2_init).</span></font></div><div><font color="#000000"><span style="white-space:nowrap"> How to follow you mean of "with the patch, clients are still able to negotiate HTTP/2"</span></font></div><div><font color="#000000"><span style="white-space:nowrap">2. "</span></font><span style="font-size:12.8px">even if </span>nginx<span style="font-size:12.8px"> doesn't announce it"</span></div><div><span style="font-size:12.8px"> </span><span style="color:rgb(0,0,0);white-space:nowrap">Is it related to </span>nginx<span style="color:rgb(0,0,0);white-space:nowrap">? </span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 9, 2017 at 1:09 AM, Valentin V. Bartenev <span dir="ltr"><<a href="mailto:vbart@nginx.com" target="_blank">vbart@nginx.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Friday 09 June 2017 00:08:06 洪志道 wrote:<br>
> "<br>
><br>
> For "https" resources, connection reuse additionally depends on<br>
> having a certificate that is valid for the host in the URI. The<br>
> certificate presented by the server MUST satisfy any checks that the<br>
> client would perform when forming a new TLS connection for the host<br>
> in the URI.<br>
><br>
> "<br>
><br>
><br>
> It seems the brower can prevent the unreasonable behavior.<br>
><br>
><br>
> In reallity, It still exist some clients that dosen't perfom well in http2.<br>
><br>
> So it's kind of valuable to enable http2 by server.<br>
><br>
><br>
> It's not a good idea the put the patch in nginx,<br>
><br>
> Can you help to check the patch whether contains serious problem?<br>
><br>
><br>
> Maybe it's helpful for other guys.<br>
><br>
><br>
> Thanks again.<br>
><br>
</span>[..]<br>
<br>
The most serious problem with the patch, that it gives an illusion<br>
that HTTP/2 can be enabled per virtual server basis, but in fact it<br>
doesn't prevent requests to any server on particular listen socket<br>
using already existing HTTP/2 connection.<br>
<br>
Also please note that with your patch clients are still able to<br>
negotiate HTTP/2 even if nginx doesn't announce it.<br>
<br>
I don't see any other serious problems.<br>
<div class="HOEnZb"><div class="h5"><br>
wbr, Valentin V. Bartenev<br>
<br>
______________________________<wbr>_________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx-devel</a></div></div></blockquote></div><br></div>