Be able to specify protocols available for the ALPN server #33
Conversation
| @@ -73,7 +73,7 @@ struct | |||
| Alpn.injection; | |||
| } | |||
|
|
|||
| let with_lets_encrypt_certificates ?(port = 443) stackv4v6 ~production config | |||
| let with_lets_encrypt_certificates ?(port = 443) ?(alpn_protocols= [ "http/1.1"; "h2" ]) stackv4v6 ~production config | |||
There was a problem hiding this comment.
The order was changed
| let with_lets_encrypt_certificates ?(port = 443) ?(alpn_protocols= [ "http/1.1"; "h2" ]) stackv4v6 ~production config | |
| let with_lets_encrypt_certificates ?(port = 443) ?(alpn_protocols= [ "h2"; "http/1.1" ]) stackv4v6 ~production config |
There was a problem hiding this comment.
Yes, I would like to keep http/1.1 by default and when the user wants to handle h2, it must write explicitely.
There was a problem hiding this comment.
So indeed the order is relevant here: a client proposes a list of ALPN in its client hello, and the server selects one ALPN by using a "first match" from the ones configured for the server (in the case above "http/1.1"; "h2" -- previously "h2"; "http/1.1") and the list received by the client.
So, TL;DR: should we prioritize HTTP1.1 or HTTP2? If "it seems that the h2 server has some bugs", maybe it is better to only advertise http1 by default? In any case, we should more clearly document the default setting (including priority) :)
There was a problem hiding this comment.
I improved the documentation to explain the order of protocols and what is the default value.
|
great, should I cut a release with this change? |
|
Yes, just to inform @kit-ty-kate, I will delete all of this code from the |
…tsencrypt-app (0.5.1) CHANGES: * letsencrypt-mirage: allow alpn protocols to be specified (mmaker/ocaml-letsencrypt#33 @dinosaure)
CHANGES: - Upgrade to `mirage-crypto-rng.0.11.0` (@hannesm, @dinosaure, dinosaure/paf-le-chien#85) - Be able to specify ALPN protocols (@kit-ty-kate, @dinosaure, dinosaure/paf-le-chien#86) Also merged into `ocaml-letsencrypt` (see mmaker/ocaml-letsencrypt#33) - Set the default protocol used for the ALPN negotiation to "http/1.1" (@dinosaure, dinosaure/paf-le-chien#87) Also merged into `ocaml-letsencrypt` (see mmaker/ocaml-letsencrypt#33) - Upgrade `paf` to `h2.0.10.0` (@kit-ty-kate, @dinosaure, dinosaure/paf-le-chien#83) - Replace `Cstruct.copy` (deprecated) by `Cstruct.to_string` (@dinosaure, dinosaure/paf-le-chien#83) - Delete `paf-le` package (@dinosaure, @hannesm, dinosaure/paf-le-chien#88) Implementations are available via the new package `letsencrypt-mirage`
Requested by @kit-ty-kate to be able to specify
http/1.1(x)orh2: it seems that theh2server has some bugs.