mod_ssl: performing protocol switch directly after ALPN selection, mod_http2: connection hook inits network filters to force TLS handshake, reads input only if H2Direct explicitly enabled, changes H2Direct default to off even for cleartext connections
new ap_is_allowed_protocol() for testing configured protocols, added H2Upgrade on/off directive, changed H2Direct default back to on when h2c is in Protocols
moved ssl handshake trigger from mod_http2 to new process_connection hook in mod_ssl
mod_ssl: check request-server for TLS settings compatible to handshake server, allow request if equal, renegotiation checks: remember last used cipher_suite for optimizations, deny any regnegotiation in presence of master connection
announce protocol choices on first request
fixing compilation issue for older platform
disabling protocol upgrades on slave connections
first request on master connection only reports more preferred protocols in Upgrade header
mod_ssl: follow up to r1709602. Fix "HTTP spoken on HTTPS port" broken by the SSL handshake trigger moved to process_connection hook (r1709602) along with H2Direct speculative read.
Submitted by: icing, ylavic Reviewed/backported by: jim
mod_ssl: forward EOR (only) brigades to the core_output_filter().
mod_ssl: don't FLUSH output (blocking) on read. This defeats deferred write (and pipelining), eg. check_pipeline() is not expecting the pipe to be flushed under it. So let OpenSSL >= 0.9.8m issue the flush when necessary (earlier versions are known to not handle all the cases, so we keep flushing with those).
mod_ssl: follow up to r1705823. Oups, every #if needs a #endif...
mod_ssl: pass through metadata buckets untouched in ssl_io_filter_output(), the core output filter needs them.
Proposed by: jorton
mod_ssl: follow up to r1705194, r1705823, r1705826 and r1705828. Add CHANGES entry, and restore ap_process_request_after_handler()'s comment as prior to r1705194 (the change makes no sense now).
mod_ssl: follow up to r1705823. We still need to flush in the middle of a SSL/TLS handshake.
mod_ssl: follow up to r1705823. Flush SSL/TLS handshake data when writing (instead of before reading), and only when necessary (openssl < 0.9.8m or proxy/client side).
mod_ssl: follow up to r1707230: fix (inverted) logic for SSL_in_connect_init().