-
Notifications
You must be signed in to change notification settings - Fork 825
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configuration with SSL? #18
Comments
Sorry, SSL support exists in the source code (and thus is available if H2O is used as a library) but there is no configuration directive for the server. Please wait a while. |
Okay, I will wait, thanks! |
Memo: #23 introduced a callback that should be called when a connection gets closed. Do not forget to call the function when SSL handshake fails. |
Mostly finished by the above commit. Configuration directive
The leftover is to properly implement multi-thread support in handling SSL (needs to define hooks as is done in http://openssl.6102.n7.nabble.com/When-to-use-CRYPTO-set-locking-callback-and-CRYPTO-set-id-callback-td7379.html). |
Great job! I just tried, but I was unable to run it successfully with SSL configuration. Here is my config for my test HTTP2 server, which is running on this domain http2rulez.com: listen: On this domain I have a few endpoints - SPDY on port 8081, HTTP2 on Port 80 (via node-http2) and so on. I just configured H2O to run on port 8084 and I tried to connect with Canary and Firefox Nightly. In Canary I have enabled SPDY/4 flag. Both failed to connect to https://http2rulez.com:8084, but they successfully connected via HTTP2 protocol on this address: https://http2rulez.com. |
Hi, I am not sure h2o supports AEAD cipher suites. Personally I managed to run an h2o HTTP/2 server with SSL and then I used Firefox Nightly to connect to it (but I had to set network.http.spdy.enforce-tls-profile to false). Hope that helps. |
@ipeychev @desaxce Regarding the ciphersuites being supported, H2O does not provide any way to modify the list of ciphersuites from those enabled by OpenSSL by default (we should obviously add a way to configure the list; thank you for noticing it). But in the case of http2rulez.com I do not think that is the cause of the problem. EDIT: The error also happens with HTTP/1.1 over SSL. |
Great job! It works now on https://http2rulez.com:8084! |
Wow! Thanks a lot! |
[quic] add -v and -s to filter response headers
Hello,
Is there an example of configuration with SSL? h2o --help does not provide information how to specify the certificate.
(And thanks for the advices, now I have it up and running).
The text was updated successfully, but these errors were encountered: