Nginx HTTP/2 module (ALPN) TLS on RHEL 7.*

[rikske at deds.nl]

Hi,

So what you're saying.

Nginx HTTP/2 module won't work on RHEL 7.1 with (ALPN) TLS,
until you are using OpenSSL version 1.0.2 on RHEL 7.1 in any manner
whatsoever?

Can anyone confirm this?

Thanks,

Regards,

Rik Ske

> Hello!
>
> On 09/28/2015 08:40 PM, rikske at deds.nl wrote:
>> Dear,
>>
>> Does the Nginx HTTP/2 module work on RHEL 7.1 with (ALPN) TLS?
>>
>> It seems like the HTTP/2 module is enabled by default in your RHEL 7.1
>> based rpm and srpm.
>>
>> Your Nginx website writes about:
>>
>> "Note that accepting HTTP/2 connections over TLS requires the
>> “Application-Layer Protocol Negotiation” (ALPN) TLS extension support,
>> which is available only since OpenSSL version 1.0.2. Using the “Next
>> Protocol Negotiation” (NPN) TLS extension for this purpose
>> (available since OpenSSL version 1.0.1) is not guaranteed. "
>>
>> RHEL 7.1 is using OpenSSL 1.0.1e. with a whole bunch of patches and
>> backports.
>>
>> Can't find anything in the changelog of RHEL 7.1's OpenSSL about ALPN.
>> The only thing i can find is "Support for Application Layer Protocol
>> Negotiation (ALPN) has been added." in RHEL's GnuTLS.
>
> Yes, RHEL using openssl 1.0.1e-42. But, I've compiled using openssl
> 1.0.2d + crypto-policies under centos7. And it was success deployed on
> my sandbox
>
> The rpm was compiled on fedora22, and ported to el7 using mock.
>
> https://gitlab.com/antituhan/rpms/tree/master.
> $ openssl version
> OpenSSL 1.0.2d-fips 9 Jul 2015
> $ uname -a
> Linux <removed> 3.10.0-229.14.1.el7.x86_64 #1 SMP Tue Sep 15 15:05:51
> UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>
> Enjoy.
>
>
>>
>> Thanks,
>>
>> Regards,
>>
>> Rik Ske
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx