NSS 3.15.5 added support for configuring NPN and ALPN, https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.15.5_release_notes:
"Two SSL socket options, SSL_ENABLE_NPN and SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both) should be used for application layer protocol negotiation."
http://www.iana.org/go/draft-friedl-tls-applayerprotoneg
NPN is currently enabled by default and ALPN is disabled by default.
From ssl.h:
/ SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial - handshake when application layer protocol negotiation is used. - SSL_SetNextProtoCallback or SSL_SetNextProtoNego must be used to control the - application layer protocol negotiation; otherwise, the NPN extension will - not be negotiated. SSL_ENABLE_NPN is currently enabled by default but this - may change in future versions. /
/ SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the - initial handshake when application layer protocol negotiation is used. - SSL_SetNextProtoNego (not SSL_SetNextProtoCallback) must be used to control - the application layer protocol negotiation; otherwise, the ALPN extension - will not be negotiated. ALPN is not negotiated for renegotiation handshakes, - even though the ALPN specification defines a way to use ALPN during - renegotiations. SSL_ENABLE_ALPN is currently disabled by default, but this - may change in future versions. /
Note that mod_http2 will require changes for mod_nss to support HTTP/2. This is because there is some module ordering needed and currently only mod_ssl is included in the list. The diffs are very minor.
Login to comment on this ticket.