Hi, Please consider adding the following patch to mod_ssl https://issues.apache.org/bugzilla/attachment.cgi?id=28513 This patch adds support for Next Protocol Negotiation needed by SPDY https://fedoraproject.org/wiki/Features/F18SPDY Patch is currently reviewed https://issues.apache.org/bugzilla/show_bug.cgi?id=52210 Best regards, Michal
Commit: http://pkgs.fedoraproject.org/gitweb/?p=httpd.git;a=commitdiff;h=f04e6633bec524c6a350632f0f7fa8597a882d0c Package: httpd-2.4.2-7.fc18 Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=316610
There you go, Michal. If you get to test that out, please leave a comment.
Hi, Thank you very much. Currently I have a short vacation - I'll test it after 2012-V-07. Best regards, Michal
Hi, I need to get working mod_spdy for F18 to test if NPN works. I've got some problems with mod_spdy - I will try to resolve them quickly. Best regards, Michal
Hi, Unfortunately I can not test it until mod_spdy gets support for httpd 2.4. Best regards, Michal
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle. Changing version to '19'. (As we did not run this process for some time, it could affect also pre-Fedora 19 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
As Google hasn't bothered to update mod_spdy to support Apache 2.4 yet, someone has forked the project on github and patched it to work (the changes are fairly minor). See: https://github.com/eousphoros/mod-spdy I've installed the generated mod_ssl (with NPN support) and mod_spdy and it works very well on my Fedora 20 system (ssllabs shows full support, and developer logs in Firefox show correct spdy/3.1 negotiation. (Current trunk also has the fix for the heartbleed bug) Might be worth testing/updating mod_ssl to support NPN so we can track future SSL fixes without an out of tree module. If you need, I can post the patch to mod_ssl to add NPN support so it can be easily added to the RPM.
Scott, we have an old version of the NPN patches from httpd trunk in Fedora httpd already. The API got redesigned though in http://svn.apache.org/r1487772 - is that what is required to work with the forked mod_spdy?
Checked the mod_ssl patch in the mod_spdy fork above, and it's using the hook (older) API. Not sure how much would need to change to get mod_spdy to use the newer callback interface, but it's not "core" to the spdy code if I'm reading it right (the protocol negotiation is done before the meat of the mod_spdy code gets called). Would you prefer to use the newer callback interface? If so, I could look at forking/porting the mod_spdy code... (time allowing :)
I would prefer to use the newer interface, but it's not a big deal. Matthew Steele at Google had reviewed the API rewrite, might be worth talking to him about it: http://marc.info/?t=136983840600001&r=1&w=4
I guess either would work... wouldn't expect that apache would ship 2.4 with NPN added as they'll probably wait for 2.6. Safest option would be for mod_ssl to add a "provides" feature that mod_spdy can "require" ("mod_ssl(npn-hook)" perhaps? not sure of the correct syntax) and then if the api is ever updated, mod_spdy would need to be upgraded or removed. Noticed that installing the current mod_spdy with a non-npn mod_ssl issues an error in the ssl_error_log, but doesn't prevent the module from loading (or apache from starting) -- https pages just never finish the connection and hang; not ideal.
So google has now released mod_spdy to the apache project so it's possible for it to now be packaged. Likely best as a separate package. http://svn.apache.org/viewvc/httpd/mod_spdy/
Took a quick look, and the released mod appears to be using the old hook api. Haven't had a chance to build/install this new release and give it a spin yet. BTW: I don't see the mod_ssl patches for npn in the httpd-2.4.9-2.fc20 source... I used the mod_ssl build from the git link in comment 7 for my current testing, but if the default mod_ssl had the patched module, it'd make it easier to ship mod_spdy as an optional/non-conflicting package :)
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle. Changing version to '23'. (As we did not run this process for some time, it could affect also pre-Fedora 23 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23
Hi, I'm triaging httpd bugs in Fedora and I've been checking the story behind this bug for some time. How actual is it now? The NPN has been replaced by ALPN and NPN support has been removed from httpd completely in <https://svn.apache.org/viewvc?view=revision&revision=1676004>. What's the plan here now?
Hi, I think that this bug can be closed. Best regards, Michal
ALPN works with mod_ssl/mod_http2 in Fedora 23 (httpd 2.4.18).