2015年11月22日 星期日

ALPN


I could got the following with openssl-1.0.2d. One strange thing is that the following command in red. They are the same command, the first says "ALPN h2-14", while the one after h2 says "no ALPN negotiated".
~ # (echo | openssl s_client -alpn h2-14 -connect google.com:443) | grep ALPN
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
ALPN protocol: h2-14
DONE
~ # (echo | openssl s_client -alpn h2 -connect google.com:443) | grep ALPN     
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA                     
verify error:num=20:unable to get local issuer certificate                     
DONE                                                                           
ALPN protocol: h2                                                              
~ # (echo | openssl s_client -alpn h2-14 -connect google.com:443) | grep ALPN  
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA                     
verify error:num=20:unable to get local issuer certificate                     
No ALPN negotiated                                                             
DONE                                                                           


[wiki] Application-Layer Protocol Negotiation - Wikipedia, the free encyclopedia
https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation

HTTP/2 tests Openlitespeed 1.3.8 which OpenSSL version used ? | OpenLiteSpeed Community and News
http://openlitespeed.com/threads/http-2-tests-openlitespeed-1-3-8-which-openssl-version-used.1172/

ALPN check reports No ALPN negotiated - ALPN is only supported in OpenSSL 1.0.2, so wonder if OpenLiteSpeed 1.3.8 bundled OpenSSL is <1 .0.2="" br="">
/opt/h2o_openssl/bin/openssl s_client -alpn h2-14 -host OPENLITESPEEDHOST.centminmod.com -port 8082

---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
NPN check reports that NPN extension is supported = Next protocol: (1) h2-14 
/opt/h2o_openssl/bin/openssl s_client -nextprotoneg h2-14 -host OPENLITESPEEDHOST.centminmod.com -port 8082

---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
Next protocol: (1) h2-14
No ALPN negotiated
Giuseppe Ciotta's Blog – Testing NGINX HTTP/2 support
https://giuseppeciotta.net/testing-nginx-http2-support.html 
(echo | openssl s_client -alpn h2 -connect giuseppeciotta.net:443) | grep ALPN
...
ALPN protocol: h2

OpenSSL - Dev - [Patch] ALPN Implementation for OpenSSL
http://openssl.6102.n7.nabble.com/Patch-ALPN-Implementation-for-OpenSSL-td45509.html

Feature #9390: Support for the ALPN TLS extension - Ruby trunk - Ruby Issue Tracking System
https://bugs.ruby-lang.org/issues/9390


linux - How to detect if a server is using SPDY - Stack Overflow
http://stackoverflow.com/questions/23742928/how-to-detect-if-a-server-is-using-spdy
openssl s_client -connect google.com:443 -nextprotoneg ''
CONNECTED(00000003)
Protocols advertised by server: spdy/3.1, spdy/3, http/1.1

 

下午3:03
標籤:

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)