forked from squid-cache/squid
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Send "http/1.1" ALPN when connecting to an HTTPS server or peer
... except when SslBump peeks at or splices the HTTPS server. In those cases, Squid still sends ALPN protocols received from the TLS client, of course. When peeking, Squid also configures OpenSSL with ALPN protocols received from the TLS client. Before these changes, non-peeking/splicing Squid was only sending ALPN when SslBump was staring at the origin server. Without SslBump and with SslBump that was bumping the origin server, no ALPN extension was probably sent. Sending ALPN is the right thing to do and works around bugs in popular serves that respond with malformed NPN extensions when ClientHello has NPN but not ALPN. This draft implementation needs a lot of polishing (and GnuTLS support).
- Loading branch information
Showing
5 changed files
with
66 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters