TLS False Start [1] helps eliminate full RTT from the TLS handshake. All the modern browsers support it, but Chrome / FF run an NPN and forward secrecy check before enabling it [2,3]. Apache landed NPN in 552210 [4], but it does not advertise either "http/1.0" or "http/1.1" by default, which means that False Start can't be used. mod_spdy patches this in by default [5], but obviously it would be nice to not require mod_spdy to enable False Start! Finally, for an example of False Start in action (albeit on nginx), see: http://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/ Long story short: Apache should advertise ["http/1.0", "http/1.1"] on all TLS connections. [1] http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00 [2] https://www.imperialviolet.org/2012/04/11/falsestart.html [3] http://src.chromium.org/viewvc/chrome/trunk/src/net/third_party/nss/ssl/sslsecur.c?revision=235907#l379 [4] https://issues.apache.org/bugzilla/show_bug.cgi?id=52210 [5] https://code.google.com/p/mod-spdy/source/browse/trunk/src/mod_spdy/mod_spdy.cc#508
Ilya, I updated my proposed patch for https://issues.apache.org/bugzilla/show_bug.cgi?id=52210 to always announce http/1.1 over NPN and ALPN. Maybe you want to have a look at it. Announcing "http/1.0" as protocol over TLS sounds like a waste of bytes. I have not heard of any client with NPN/ALPN capabilities that wants to do HTTP/1.0. Do you encounter those in real life? Cheers, Stefan