2015-09-24 14:58 GMT+03:00 <ma...@apache.org>: > Author: markt > Date: Thu Sep 24 11:58:05 2015 > New Revision: 1705039 > > URL: http://svn.apache.org/viewvc?rev=1705039&view=rev > Log: > Update notes for running Tomcat with HTTP/2 support. > > Modified: > tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java > > Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java?rev=1705039&r1=1705038&r2=1705039&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java > (original) > +++ tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java Thu > Sep 24 11:58:05 2015 > @@ -64,10 +64,8 @@ import org.apache.tomcat.util.res.String > * <br> > * Note: > * <ul> > - * <li>Unless Tomcat is configured with an ECC certificate, FireFox (tested > with > - * v37.0.2) needs to be configured with > - * network.http.spdy.enforce-tls-profile=false in order for FireFox to be > - * able to connect.</li> > + * <li>Tomcat needs to be configured with honorCipherOrder="false" otherwise > + * Tomcat will prefer a cipher suite that is blacklisted by HTTP/2.</li>
The above is odd. Note that "false" is the default.

When it is "true", you can reorder cipher suites at server side to avoid blacklisted ones being selected by moving them to the end. Shouldn't strong ciphers be at the start of the default/recommended list?

When it is "false", you can change cipher suites at server side to omit the blacklisted ones.

> * <li>You will need to nest an <UpgradeProtocol > * className="org.apache.coyote.http2.Http2Protocol" /> element inside > * a TLS enabled Connector element in server.xml to enable HTTP/2 > support.

Best regards,
Konstantin Kolinko
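
Review bot: The added <li> in the class Javadoc states honorCipherOrder="false" as a requirement ("Tomcat needs to be configured with ..."), while the real constraint sits in the second half of the sentence: the negotiated suite must not be one that HTTP/2 blacklists. Suggest documenting that constraint directly and presenting the setting as one way to meet it, next to restricting or reordering the connector's cipher list so that no blacklisted suite is preferred; when the server order is not honoured, the choice of suite follows the client's preference. The note also does not say which suite Tomcat would prefer, so a reader cannot tell whether it still applies once the cipher configuration changes. The Firefox item is removed under a log message that only says "Update notes"; a short reason why it no longer applies would help.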