From: Stefan Eissing <icing@apache.org>
Date: Tue, 6 Jul 2021 12:31:44 +0000 (+0000)
Subject: backport proposal of r1890693+r1890696, improved alpn check [skip ci]
X-Git-Tag: candidate-2.4.49~3^2~77
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8e7e30407c0ef6e1eaeea4912ff34c39108cba88;p=thirdparty%2Fapache%2Fhttpd.git

backport proposal of r1890693+r1890696, improved alpn check [skip ci]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1891311 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index c952fa3e258..27269de9b9d 100644
--- a/STATUS
+++ b/STATUS
@@ -201,7 +201,22 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      trunk patch: http://svn.apache.org/r1890605
      2.4.x patch: https://github.com/apache/httpd/pull/203.diff
            PR: https://github.com/apache/httpd/pull/203
-    +1: icing
+     +1: icing
+
+  *) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
+     connections. If ALPN protocols are provided and sent to the
+     remote server, the received protocol selected is inspected
+     and checked for a match. Without match, the peer handshake
+     fails.
+     An exception is the proposal of "http/1.1" where it is
+     accepted if the remote server did not answer ALPN with
+     a selected protocol. This accomodates for hosts that do
+     not observe/support ALPN and speak http/1.x be default.
+     trunk patch: http://svn.apache.org/r1890693
+                  http://svn.apache.org/r1890696
+     2.4.x patch: https://github.com/apache/httpd/pull/204.diff
+           PR: https://github.com/apache/httpd/pull/204
+     +1: icing
 
 
 PATCHES/ISSUES THAT ARE BEING WORKED