Document HTTP/2 compat #204
Comments
|
If all streams come from the same user it will be safe, if it is used behind a proxy that may interleave different user requests, then definitely not safe. In general GssapiConnectionBound is really only needed if you are performing NTLMSSP authentication (or another mechanism that performs more than 1 server roundtrip), for krb5 it is not necessary. We use cookies to avoid the need for multiple authentication at each roundtrip. |
|
The cookies are only available if the client supports them (e.g., browsers). Consider libserf accessing HTTPd, there is no cookie support |
|
In that case libserf will have to send HTTP auth headers with each
requests, better if it is able to do opportunistic negotiation or it
will go though multiple roundtrips on each request just to deal with
authentication.
|
|
Alright, libserf does that in all gory details. |
Hey there, I have configured Apache for
Protocols h2 http/1.1and like to know whether due to multiplexing streams it is still safe to useGssapiConnectionBoundwith HTTP/2. Moreover, the docs say "It incurs overhead, so leaving it off is recommended." What overhead? Checking connection notes for a principal is overhead if this gives more performance on persistent connections?The text was updated successfully, but these errors were encountered: