Nginx 1.9.11 and OpenSSL 1.0.2G - HTTP2, but no ALPN negotiated

I have Ubuntu 14.04 with OpenSSL 1.0.2G,

Upgraded to Nginx 1.9.11 mainline (PPA) from 1.8.1 stable, because
Chrome
will drop SPDY in a few months. Better be prepared.

Everything went fine, but when I test HTTP2 I notice that ALPN doesn’t
work:

No ALPN negotiated

Since I have the latest version of OpenSSL, I have no idea why this is
the
case.

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,265036,265036#msg-265036

Hi,

On Ubuntu 14.04 NGINX is built with OpenSSL 1.0.1 so is not built with
ALPN support. If you have installed OpenSSL 1.0.2 you can recompile
NGINX to use this and gain the ALPN support.

In most cases HTTP/2 with NPN in OpenSSL 1.0.1 will work for now.

Kind Regards
Andrew

On 03/03/16 12:32, dannydekr wrote:

Since I have the latest version of OpenSSL, I have no idea why this is the
case.

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,265036,265036#msg-265036


nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx


Andrew H. (LinuxJedi)
Technical Product Manager, NGINX Inc.

Hello,

“In most cases HTTP/2 with NPN in OpenSSL 1.0.1 will work for now.”,
yes,
for now, sadly Google will remove the NPN support in Chrome “soon”: “We
plan
to remove support for SPDY in early 2016, and to also remove support for
the
TLS extension named NPN in favor of ALPN in Chrome at the same time.
Server
developers are strongly encouraged to move to HTTP/2 and ALPN.”.
Source: http://blog.chromium.org/2015/02/hello-http2-goodbye-spdy.html

Thats why we all have to hurry the migration to ALPN by compiling nginx
with
OpenSSL 1.0.2 or LibreSSL.

PS : I can’t find a good reason for Google to drop support for NPN right
now… it feels like last year, when they wanted to drop support of SPDY
in
Chrome when HTTP/2 was barely standardized and no major web server was
HTTP/2 ready.

Best Regards

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,265036,265048#msg-265048

Hello,

Thats why we all have to hurry the migration to ALPN by compiling nginx with
OpenSSL 1.0.2 or LibreSSL.

PS : I can’t find a good reason for Google to drop support for NPN right
now… it feels like last year, when they wanted to drop support of SPDY in
Chrome when HTTP/2 was barely standardized and no major web server was
HTTP/2 ready.

If you need http2 there is always the option to compile your own nginx
binary against a more modern version of OpenSSL than what your operating
system provides, or to change operating systems to one which provides
such an OpenSSL version.

Jim

Hello,

Jim O. Wrote:

If you need http2 there is always the option to compile your own nginx
binary against a more modern version of OpenSSL than what your
operating system provides, or to change operating systems to one which
provides such an OpenSSL version.

Yes, it’s what I’m doing with LibreSSL :slight_smile:

But HTTP/2 works also very well with NPN and OpenSSL 1.0.1… sadly
it’ll be
less useful when Google would have dropped support for NPN.

Best Regards

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,265036,265054#msg-265054

Hello,

Great, thanks Andrew!

Best Regards

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,265036,265115#msg-265115

Hi,

This link was also shown to me today. I have contacted Google to ask
them to reverse the decision to drop NPN HTTP/2.

Kind Regards
Andrew

On 03/03/16 16:00, Alt wrote:

OpenSSL 1.0.2 or LibreSSL.


nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx


Andrew H. (LinuxJedi)
Technical Product Manager, NGINX Inc.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs