1
TrustyWolf 2015-11-20 17:06:17 +08:00
咱为了支持 HTTP/2 和 HSTS ,把系统从 CentOS 切换到了 Fedora Server ,用了最新的 Apache 2.4.17 ,然后发现这货有 SNI 的 BUG...无奈暂时关闭了 HTTP/2 功能 QAQ
|
2
TrustyWolf 2015-11-20 17:32:06 +08:00
h2 Restrictions
There are some restrictions on the h2 implementation you should be aware of: Connection Reuse The HTTP/2 protocol allows reuse of TLS connections under certain conditions: if you have a certiface with wildcards or several altSubject names, browsers will reuse any existing connection they might have. Example: You have a certificate for a.example.org that has as additional name b.example.org. You open in your browser the url https://a.example.org/, open another tab and load https://b.example.org/. Before opening a new connection, the browser sees that it still has the one to a.example.org open and that the certificate is also valid for b.example.org. So, it sends the request for second tab over the connection of the first one. This connection reuse is intentional and makes it easier for sites that have invested in sharding for efficiency in HTTP/1 to also benefit from HTTP/2 without much change. In Apache mod_h[ttp]2 this is not fully implemented, yet. When a.example.org and b.example.org are separate virtual hosts, Apache will not allow such connection reuse and inform the browser with status code 421 Misdirected Request about it. The browser will understand that it has to open a new connection to b.example.org. All will work, however some efficiency gets lost. We expect to have the proper checks in place for the next release. |
3
alect 2015-11-20 17:37:15 +08:00 1
@TrustyWolf 对的,用野卡 SSL 会出问题, Apache 新版第一天出来安装就发现了,然而 Nginx 没这个问题
|
4
TrustyWolf 2015-11-20 17:40:25 +08:00
@alect 嗯嗯,看内部邮件发现其实这个问题在开发 2.4.17 的时候就已经被发现了,期待下个版本被修复 0.0
|
5
mengzhuo 2015-11-20 20:35:37 +08:00
Go 1.6 为了支持 http2 开发者已经四处传道了……
|