Hi Stefan, thanks for your answer. I did what you suggested. Here is the error.log -------[Thu Aug 25 15:19:43.850756 2016] [ssl:info] [pid 4275] AH01887: Init: Initializing (virtual) servers for SSL [Thu Aug 25 15:19:43.850825 2016] [ssl:info] [pid 4275] AH01914: Configuring server localhost:443 for SSL protocol [Thu Aug 25 15:19:43.851048 2016] [ssl:debug] [pid 4275] ssl_engine_init.c(413): AH01893: Configuring TLS extension handling [Thu Aug 25 15:19:43.851269 2016] [ssl:warn] [pid 4275] AH01906: localhost:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Thu Aug 25 15:19:43.851322 2016] [ssl:debug] [pid 4275] ssl_util_ssl.c(443): AH02412: [localhost:443] Cert does not match for name 'localhost' [subject: O=Internet Widgits Pty Ltd,ST=Some-State,C=AU / issuer: O=Internet Widgits Pty Ltd,ST=Some-State,C=AU / serial: DF104C2A1DF0EF15 / notbefore: Jun 13 13:48:30 2016 GMT / notafter: Jun 13 13:48:30 2017 GMT] [Thu Aug 25 15:19:43.851331 2016] [ssl:warn] [pid 4275] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name [Thu Aug 25 15:19:43.851337 2016] [ssl:info] [pid 4275] AH02568: Certificate and private key localhost:443:0 configured from /etc/ssl/server.crt and /etc/ssl/private.key [Thu Aug 25 15:19:43.851433 2016] [ssl:info] [pid 4275] AH01876: mod_ssl/2.4.23 compiled against Server: Apache/2.4.23, Library: OpenSSL/1.0.2h [Thu Aug 25 15:19:43.851458 2016] [http2:debug] [pid 4275] mod_http2.c(101): AH03089: initializing post config dry run [Thu Aug 25 15:19:43.872030 2016] [ssl:info] [pid 4276] AH01887: Init: Initializing (virtual) servers for SSL [Thu Aug 25 15:19:43.872060 2016] [ssl:info] [pid 4276] AH01914: Configuring server localhost:443 for SSL protocol [Thu Aug 25 15:19:43.872306 2016] [ssl:debug] [pid 4276] ssl_engine_init.c(413): AH01893: Configuring TLS extension handling [Thu Aug 25 15:19:43.872593 2016] [ssl:warn] [pid 4276] AH01906: localhost:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Thu Aug 25 15:19:43.872648 2016] [ssl:debug] [pid 4276] ssl_util_ssl.c(443): AH02412: [localhost:443] Cert does not match for name 'localhost' [subject: O=Internet Widgits Pty Ltd,ST=Some-State,C=AU / issuer: O=Internet Widgits Pty Ltd,ST=Some-State,C=AU / serial: DF104C2A1DF0EF15 / notbefore: Jun 13 13:48:30 2016 GMT / notafter: Jun 13 13:48:30 2017 GMT] [Thu Aug 25 15:19:43.872658 2016] [ssl:warn] [pid 4276] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name [Thu Aug 25 15:19:43.872664 2016] [ssl:info] [pid 4276] AH02568: Certificate and private key localhost:443:0 configured from /etc/ssl/server.crt and /etc/ssl/private.key [Thu Aug 25 15:19:43.872768 2016] [ssl:info] [pid 4276] AH01876: mod_ssl/2.4.23 compiled against Server: Apache/2.4.23, Library: OpenSSL/1.0.2h [Thu Aug 25 15:19:43.872802 2016] [http2:info] [pid 4276] AH03090: mod_http2 (v1.5.11, feats=CHPRIO+SHA256, nghttp2 1.12.0-DEV), initializing... [Thu Aug 25 15:19:43.895209 2016] [mpm_prefork:notice] [pid 4276] AH00163: Apache/2.4.23 (Ubuntu) OpenSSL/1.0.2h PHP/5.5.9-1ubuntu4.19 configured -- resuming normal operations [Thu Aug 25 15:19:43.895278 2016] [core:notice] [pid 4276] AH00094: Command line: '/usr/sbin/apache2' [Thu Aug 25 15:19:43.895286 2016] [core:debug] [pid 4276] log.c(1546): AH02639: Using SO_REUSEPORT: yes (1)
------ Am 25.08.2016 um 15:06 schrieb Stefan Eissing:
If you add something like LogLevel http2:debug LogLevel ssl:debug LogLevel core:debug you should find information about negotiation in your error.log. Strange that Firefox works and h2load does not. I use the later regularly in my tests. Looking forward to see some log output...Am 25.08.2016 um 14:58 schrieb Max Meyer <redeemerofsouls666@xxxxxx>: I am trying to do some benchmarking on different HTTP/2 webservers using "h2load" from nghttp2.org. I configured Apache with HTTP/2 and in wireshark I can see HTTP/2 traffic when connecting with a browser like firefox. When I use h2load it falls back to HTTP/1.1 claiming the server does not support NPN/ALPN. -------------- Example: h2load -c1 -n1024 -m1024 myapache starting benchmark... spawning thread #0: 1 total client(s). 1024 total requests TLS Protocol: TLSv1.2 Cipher: ECDHE-RSA-AES128-GCM-SHA256 No protocol negotiated. Fallback behaviour may be activated Server does not support NPN/ALPN. Falling back to HTTP/1.1. Application protocol: http/1.1 --------------- I tested h2load with an nginx installation and there it works fine, so I'm guessing that it is not a problem on the h2load side. My Apache site configuration looks like this. <IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost DocumentRoot /var/www/html Protocols h2 H2Push on ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/ssl/server.crt SSLCertificateKeyFile /etc/ssl/private.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> </VirtualHost> </IfModule> Apache Version: 2.4.23 Openssl: 1.0.2h Does anyone have an idea what might be the problem? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|