Remove NPN

doc/sources/h2load-howto.rst

@@ -30,8 +30,8 @@ In order to set benchmark settings, specify following 3 options.
 :option:`-m`
    The max concurrent streams to issue per client.  Default: 1
 
-For SSL/TLS connection, the protocol will be negotiated via ALPN/NPN.
-You can set specific protocols in :option:`--npn-list` option.  For
+For SSL/TLS connection, the protocol will be negotiated via ALPN.  You
+can set specific protocols in :option:`--npn-list` option.  For
 cleartext connection, the default protocol is HTTP/2.  To change the
 protocol in cleartext connection, use :option:`--no-tls-proto` option.
 For convenience, :option:`--h1` option forces HTTP/1.1 for both

doc/sources/nghttpx-howto.rst

@@ -20,7 +20,7 @@ known as "HTTP/2 router".
 By default, frontend connection is encrypted using SSL/TLS.  So
 server's private key and certificate must be supplied to the command
 line (or through configuration file).  In this case, the frontend
-protocol selection will be done via ALPN or NPN.
+protocol selection will be done via ALPN.
 
 To turn off encryption on frontend connection, use ``no-tls`` keyword
 in :option:`--frontend` option.  HTTP/2 and HTTP/1 are available on

doc/sources/tutorial-client.rst

@@ -18,34 +18,8 @@ note that nghttp2 itself does not depend on libevent.
 
 The client starts with some libevent and OpenSSL setup in the
 ``main()`` and ``run()`` functions. This setup isn't specific to
-nghttp2, but one thing you should look at is setup of the NPN
-callback.  The NPN callback is used by the client to select the next
-application protocol over TLS. In this tutorial, we use the
-`nghttp2_select_next_protocol()` helper function to select the HTTP/2
-protocol the library supports::
-
-    static int select_next_proto_cb(SSL *ssl _U_, unsigned char **out,
-                                    unsigned char *outlen, const unsigned char *in,
-                                    unsigned int inlen, void *arg _U_) {
-      if (nghttp2_select_next_protocol(out, outlen, in, inlen) <= 0) {
-        errx(1, "Server did not advertise " NGHTTP2_PROTO_VERSION_ID);
-      }
-      return SSL_TLSEXT_ERR_OK;
-    }
-
-If you are following TLS related RFC, you know that NPN is not the
-standardized way to negotiate HTTP/2.  NPN itself is not event
-published as RFC.  The standard way to negotiate HTTP/2 is ALPN,
-Application-Layer Protocol Negotiation Extension, defined in `RFC 7301
-<https://tools.ietf.org/html/rfc7301>`_.  The one caveat of ALPN is
-that OpenSSL >= 1.0.2 is required.  We use macro to enable/disable
-ALPN support depending on OpenSSL version.  OpenSSL's ALPN
-implementation does not require callback function like the above.  But
-we have to instruct OpenSSL SSL_CTX to use ALPN, which we'll talk
-about soon.
-
-The callback is added to the SSL_CTX object using
-``SSL_CTX_set_next_proto_select_cb()``::
+nghttp2, but one thing you should look at is setup of ALPN.  Client
+tells application protocols that it supports to server via ALPN::
 
     static SSL_CTX *create_ssl_ctx(void) {
       SSL_CTX *ssl_ctx;
@@ -58,7 +32,6 @@ The callback is added to the SSL_CTX object using
                           SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
                               SSL_OP_NO_COMPRESSION |
                               SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
-      SSL_CTX_set_next_proto_select_cb(ssl_ctx, select_next_proto_cb, NULL);
 
       SSL_CTX_set_alpn_protos(ssl_ctx, (const unsigned char *)"\x02h2", 3);
 
@@ -153,10 +126,7 @@ underlying network socket::
 
         ssl = bufferevent_openssl_get_ssl(session_data->bev);
 
-        SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
-        if (alpn == NULL) {
-          SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
-        }
+        SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
 
         if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) {
           fprintf(stderr, "h2 is not negotiated\n");

doc/sources/tutorial-server.rst

@@ -21,33 +21,11 @@ note that nghttp2 itself does not depend on libevent.
 
 The server starts with some libevent and OpenSSL setup in the
 ``main()`` and ``run()`` functions. This setup isn't specific to
-nghttp2, but one thing you should look at is setup of the NPN
-callback. The NPN callback is used by the server to advertise which
-application protocols the server supports to a client.  In this
-example program, when creating the ``SSL_CTX`` object, we store the
-application protocol name in the wire format of NPN in a statically
-allocated buffer. This is safe because we only create one ``SSL_CTX``
-object in the program's entire lifetime.
-
-If you are following TLS related RFC, you know that NPN is not the
-standardized way to negotiate HTTP/2.  NPN itself is not even
-published as RFC.  The standard way to negotiate HTTP/2 is ALPN,
-Application-Layer Protocol Negotiation Extension, defined in `RFC 7301
-<https://tools.ietf.org/html/rfc7301>`_.  The one caveat of ALPN is
-that OpenSSL >= 1.0.2 is required.  We use macro to enable/disable
-ALPN support depending on OpenSSL version.  In ALPN, client sends the
-list of supported application protocols, and server selects one of
-them.  We provide the callback for it::
-
-    static unsigned char next_proto_list[256];
-    static size_t next_proto_list_len;
-
-    static int next_proto_cb(SSL *s _U_, const unsigned char **data,
-                             unsigned int *len, void *arg _U_) {
-      *data = next_proto_list;
-      *len = (unsigned int)next_proto_list_len;
-      return SSL_TLSEXT_ERR_OK;
-    }
+nghttp2, but one thing you should look at is setup of ALPN callback.
+The ALPN callback is used by the server to select application
+protocols offered by client.  In ALPN, client sends the list of
+supported application protocols, and server selects one of them.  We
+provide the callback for it::
 
     static int alpn_select_proto_cb(SSL *ssl _U_, const unsigned char **out,
                                     unsigned char *outlen, const unsigned char *in,
@@ -71,28 +49,11 @@ them.  We provide the callback for it::
 
       ...
 
-      next_proto_list[0] = NGHTTP2_PROTO_VERSION_ID_LEN;
-      memcpy(&next_proto_list[1], NGHTTP2_PROTO_VERSION_ID,
-             NGHTTP2_PROTO_VERSION_ID_LEN);
-      next_proto_list_len = 1 + NGHTTP2_PROTO_VERSION_ID_LEN;
-
-      SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, NULL);
-
       SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, NULL);
 
       return ssl_ctx;
     }
 
-The wire format of NPN is a sequence of length prefixed strings, with
-exactly one byte used to specify the length of each protocol
-identifier.  In this tutorial, we advertise the specific HTTP/2
-protocol version the current nghttp2 library supports, which is
-exported in the identifier :macro:`NGHTTP2_PROTO_VERSION_ID`. The
-``next_proto_cb()`` function is the server-side NPN callback. In the
-OpenSSL implementation, we just assign the pointer to the NPN buffers
-we filled in earlier. The NPN callback function is set to the
-``SSL_CTX`` object using ``SSL_CTX_set_next_protos_advertised_cb()``.
-
 In ``alpn_select_proto_cb()``, we use `nghttp2_select_next_protocol()`
 to select application protocol.  The `nghttp2_select_next_protocol()`
 returns 1 only if it selected h2 (ALPN identifier for HTTP/2), and out
@@ -209,10 +170,7 @@ underlying network socket::
 
         ssl = bufferevent_openssl_get_ssl(session_data->bev);
 
-        SSL_get0_next_proto_negotiated(ssl, &alpn, &alpnlen);
-        if (alpn == NULL) {
-          SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
-        }
+        SSL_get0_alpn_selected(ssl, &alpn, &alpnlen);
 
         if (alpn == NULL || alpnlen != 2 || memcmp("h2", alpn, 2) != 0) {
           fprintf(stderr, "%s h2 is not negotiated\n", session_data->client_addr);