ironport · samrushing · Jul 9, 2015 · Jul 9, 2015 · Jul 9, 2015 · Jul 11, 2015
diff --git a/coro/http/__init__.py b/coro/http/__init__.py
@@ -1,9 +1,10 @@
 # -*- Mode: Python -*-
 
-from server import server, tlslite_server, openssl_server, connection, http_request
+from server import server, tlslite_server, openssl_server, s2n_server, connection, http_request
 import handlers
 import coro
 from coro import read_stream
 import http_date
 import session_handler
 import spdy
+import h2
diff --git a/coro/http/cert/convert.py b/coro/http/cert/convert.py
@@ -0,0 +1,36 @@
+# -*- Mode: Python -*-
+
+# utility to convert a modern rfc5280 rsa key file to
+#  an older-style rsa-only key file (for s2n).  I expect
+#  s2n to will soon handle rfc5280, so this should be temporary.
+
+import base64
+from coro.asn1.ber import *
+
+# can't use base64 module output directly,
+#   PEM requires lines of length 64.
+def b64_at_width (data, width=64):
+    encoded = base64.encodestring (data)
+    lines = encoded.split ('\n')
+    oneline = ''.join (lines)
+    result = []
+    for i in range (0, len(oneline), 64):
+        result.append (oneline[i:i+64] + '\n')
+    return ''.join (result)
+
+lines = open ('server.key', 'rb').readlines()
+assert (lines[0] == '-----BEGIN PRIVATE KEY-----\n')
+assert (lines[-1] == '-----END PRIVATE KEY-----\n')
+der = base64.decodestring (''.join (lines[1:-1]))
+d0, size = decode (der)
+assert len(der) == size
+assert d0[0] == 0
+assert d0[1] == [('oid', [1, 2, 840, 113549, 1, 1, 1]), None]
+f = open ('server.raw.key', 'wb')
+f2 = open ('/tmp/x.der', 'wb')
+f.write ('-----BEGIN RSA PRIVATE KEY-----\n')
+f.write (b64_at_width (d0[2]))
+f2.write (d0[2])
+f.write ('-----END RSA PRIVATE KEY-----\n')
+f.close()
+f2.close()
diff --git a/coro/http/cert/dhparam.pem b/coro/http/cert/dhparam.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAkcTH+esuX5lJyGsS9v+FhAZI7kgefoFjLIH41H+zQzf9YjnCB9Jq
+h6snUFuckh2kJVDfR0Jft92ZdwkCyvoGahVAd4tWDCAFQfPnS9aRnc9Nx4qlZayD
++6gtUF0ZSI01Y26PdtVvjndf6uf8o4wnK3SCiC3KbA/3MEvsTdcUi7W3VzV1tQGw
+Q6xmIIWBOi5E/foJLW/c0Ns/EzHPoV48YGZb6yKl8LsX2RzFZTOz0GGF6+o/wrCr
+N7ev3D0TeQgjIdKdz2pjz9fzUhhCi/gfQ6uHGisIPx4uYxH5OODEjkuVWvz2rb0x
+O/1ZmXWXYPhZAmvuttm67fPW3CHjdCEaQwIBAg==
+-----END DH PARAMETERS-----
diff --git a/coro/http/cert/server.crt b/coro/http/cert/server.crt
@@ -1,15 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIICQTCCAaoCCQDQvDSH5q2j7jANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJV
-UzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxETAPBgNV
-BAoTCFNocmFwbmVsMRswGQYDVQQDExJzaHJhcG5lbCB0ZXN0IGNlcnQwHhcNMTIw
-MzEzMjIwNjEyWhcNMTMwMzEzMjIwNjEyWjBlMQswCQYDVQQGEwJVUzETMBEGA1UE
-CBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxETAPBgNVBAoTCFNocmFw
-bmVsMRswGQYDVQQDExJzaHJhcG5lbCB0ZXN0IGNlcnQwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAKEEpkHzToFxX4ui0GxsrscU73VZ/KpfS13oSZ+3m3bjg0Fu
-Y8Gird/IYqKCPoGSxcNOijoNGCe9G3Jtfo387yOGlQF8scYrv9nBihIk1X20GGyq
-3iIGV8cgG3Yc+IwsZMA3rAjv6edx4TL8q1rBKNjbk6mcgKpFzi24Vh2Jdx41AgMB
-AAEwDQYJKoZIhvcNAQEFBQADgYEAFR3lhtBGvYDc5xA8rnUJh8z/LAI17aVpeb4B
-HArVnK7rB2OiN7voMwKMDD3F9X0czbieyoCocEXPkL/QpITRDnRklWIWAKpktZ1U
-xdX7TaYBVSK96R9r1tuNkKRNNtrdiesMt4JTrjU0ORwXaEX4WUCiqSOr1O0fPI69
-En3Ip7k=
+MIIDUzCCAjugAwIBAgIJAPP2xS7wk9YuMA0GCSqGSIb3DQEBCwUAMEAxFDASBgNV
+BAMMC2V4YW1wbGUuY29tMRswGQYDVQQKDBJzaHJhcG5lbCBkZW1vIGNlcnQxCzAJ
+BgNVBAYTAlVTMB4XDTE1MDkxNTIzMzU1MloXDTE2MDkxNDIzMzU1MlowQDEUMBIG
+A1UEAwwLZXhhbXBsZS5jb20xGzAZBgNVBAoMEnNocmFwbmVsIGRlbW8gY2VydDEL
+MAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtMhYt
+XogpUX1ibFcvgcDI5hKmiqUVwiU5MpXpDrrmFYAveTTsnEisIUo34JnqkK+omG6i
+fa+j1BaiYs/TgxFrD8OW4vX9sAnE5LbhNNPWc3F8edvPqtWjfi7nH3btHe9f09p+
+fFt8EkyUge0RYGjxdMrfGAV7T19lKtESKIut7FHPkITV64qFoIcOEHK6PTJ6u7gO
+afBWhmJ5q+yE/c+Pq+dkm4oN529UnR1isvFDaqhgxGL3r6Sm632ujLKlW5370F0X
+YkFR8wEYi29pEE5lvsootRlb0FwJcl2tzy2LXugZ9bUXW4vqGjkJqc5fO/zYcwgK
+sBxQR4lKDpucXDjbAgMBAAGjUDBOMB0GA1UdDgQWBBS+gAbkAILVhOIExdEm5h2N
+/aF9QzAfBgNVHSMEGDAWgBS+gAbkAILVhOIExdEm5h2N/aF9QzAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCrtuE10LWbTGuo7dfWSEiIf0rF6lq36yos
+0Qy9ECo9Pdc5LU0MShnbzkmfjkfggQOwstrITDQB9T8FpzmNcnqm8kxdNs7c4Z4a
++u4niI3rHcZBb0dqThQ8sH/eFjMKJmXlSS9wg4e7N7QtVwhDZzyptaUccjEq8IQm
+uVpVOK2X54vnuKtmlUxqQ57OPTMqNEESkT9zZtLrZ0qKceyM9jCoXAVMCa7iuuKb
+P2T2cJEhKpUHochpOiepWfHx9nJUu8Ki6pWdhFsytLKHgc2Kh61sSDqxabxSDesT
+gSmBsKvtn7BIuJTp7JSVxqUyuBc30LvDxBH3wPg2ygmlTfo2MYds
 -----END CERTIFICATE-----
diff --git a/coro/http/cert/server.key b/coro/http/cert/server.key
@@ -1,15 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQChBKZB806BcV+LotBsbK7HFO91WfyqX0td6Emft5t244NBbmPB
-oq3fyGKigj6BksXDToo6DRgnvRtybX6N/O8jhpUBfLHGK7/ZwYoSJNV9tBhsqt4i
-BlfHIBt2HPiMLGTAN6wI7+nnceEy/KtawSjY25OpnICqRc4tuFYdiXceNQIDAQAB
-AoGBAJTwpQ1KDusjQLr8Loise3sBPYKya0n4/dDuhfOsNaziRE4o2zOI1Aa056/k
-hAb9Cdtf8fJCnH5dqV7OM4sJVPVyqZcqlVElaFtJR0skcztmv+h2mDdwyK1D6crl
-x+hgKdur7uBDzg7CV7BttynNjD1a3gZ+swZ9ddY4K14Xv5adAkEA0yx2jctDKu49
-SSbAcf3hl1huJafrl/OWaucHVSm0S0BgJ3QQ+5v+I9tF9MZ5znKNFStJ56oEQ3MX
-wZlexhICcwJBAMMypmgz8Noa1IXsoHqe0fFDzfZwaLjxZ+MBvKZB5JYG/y9x8dp+
-BFR8kiarIbvVpcyz2WnKQexLLvjfIsZtqrcCQDw7kXEuSfFD1N05nWimNqNZiMla
-1RsZUo0ZaoEDDTbtnL+EHpf1zY5iq9h+iB23lMA2AbV/TAoFGQCSg3LRjjsCQHI1
-S2oCofRq6FfniEnWbQ3V10dOo+c5z8fhd0hrm1wwgdR3vcNSIiRwsm6PiHBHY/fu
-btHX9lRT9QrGO6mP9ucCQGMncWmOaDfi/MjunZmxPwE0bbnClGAPOoZmP73baX61
-r3vmoTzLzrvcmPBo4mBDu6bP25wHcuQNSvyUBwFHhLs=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCtMhYtXogpUX1i
+bFcvgcDI5hKmiqUVwiU5MpXpDrrmFYAveTTsnEisIUo34JnqkK+omG6ifa+j1Bai
+Ys/TgxFrD8OW4vX9sAnE5LbhNNPWc3F8edvPqtWjfi7nH3btHe9f09p+fFt8EkyU
+ge0RYGjxdMrfGAV7T19lKtESKIut7FHPkITV64qFoIcOEHK6PTJ6u7gOafBWhmJ5
+q+yE/c+Pq+dkm4oN529UnR1isvFDaqhgxGL3r6Sm632ujLKlW5370F0XYkFR8wEY
+i29pEE5lvsootRlb0FwJcl2tzy2LXugZ9bUXW4vqGjkJqc5fO/zYcwgKsBxQR4lK
+DpucXDjbAgMBAAECggEAPWwH5WsjCtQ1jVQyz0xK3HSLpLiCt2a04MYJ2C87JSH2
+5d8sX8VFGJZtxcdHjqJlSXtVsRa11Xn/1PMKFU7kPH3ItZgj+SYXMNaT7OZZQjKK
+ysREqi9BuMulQp4sBQeavvdZA4aCw0uSERDKzGDOluL+l4PjXcnWYQCASNpMPw98
+sWCkIVYoZ4S5LxGS7u2qr0Tq2yxSYRZmYxWwlXFmB8TDJiXlQ2/cgoOopn4gH+F/
+RpUOGGNfysxDzACiLkHs64MYcmJQUCI57deXNR6bQcSqUOxCkTr8FZcCnw7mYyJl
+SOjo4FneRfDIlkIe9V++OnweVp9uD6i9/YgAV2wPcQKBgQDbbHEi2L3KFl1fo+q6
+uJg9ct1BUR1OgEt/bmWOHX+FNBfvvOSZB7JiHT93jvVKgIJTsA/eS7bwGEyHmy/I
+anzK3opDYZgvDM0L1UmUO0e72YcAWNpiAUwQh1wDjaQ1d6eM0okbsh9VAyOdIjYP
+GO6Tw1BPjfL4n0epfXjRgbi1jwKBgQDKEPB8/zPEu933dakDGRlGZVfBLLtEZV3P
+DBxzeT+70RKJUs2SZQexv1PU/V4EL8eJ7wWT7Am1s2MJGxcllqoYmawB5wQWmtuF
+ZfVWbHr1t/JOwxI2jh0j6mIKqn5mONlBNEdfVb2Vm3rjSfVaV8km+IQaJ/OQ1WH5
+PV/GiqyZ9QKBgBf8VrG0d6qrnzFhPbuDikDNWZpWP5nhNF+NtdQ/LT1mYGd4gpSn
+3rwS7mknW3D1c0mqqVFnfWvpfBQmxqZl3ZZflUWgWX5rK87rVcu6XzENqlBDZjvo
+YGQ+J7TLuvONTOd77Dj20637Vd1LbBViaFIGu7S2k6TR5IeGi7p7L7HJAoGAYuEj
+LaecZ5sfJWb4S8HOcnpJFQiUowWPgDAHBCLDI19N2NEiM48o0rwzg7hwd1ACLuc+
+LYKFxdqAjgYpr4Uou10HpO6tO3qQDZk1ExOGoBNhiVU/5l5ouBiL3XhM3izXc2bn
+vikw2rL40ZxxacInduCJlFsUfz1L8jEsWvWlPLkCgYBMn1ZEHGlekaw8xkdmBbqH
+g4ssQ6SWza/VRDwq8hTCBqVGXWE/XClAlGirB2wanl6J/XcvBO1UH1I8UmJoE+/2
+v0CiJ1UHH3UY/4n3KQK0iKVdewJrJfqUG1iRZ8wPKJ2E4Y3mYG0UGTDo1GIyoJyQ
+FeXqsyNrI7zrmAbdgVwQfw==
+-----END PRIVATE KEY-----
diff --git a/coro/http/cert/server.raw.key b/coro/http/cert/server.raw.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEArTIWLV6IKVF9YmxXL4HAyOYSpoqlFcIlOTKV6Q665hWAL3k0
+7JxIrCFKN+CZ6pCvqJhuon2vo9QWomLP04MRaw/DluL1/bAJxOS24TTT1nNxfHnb
+z6rVo34u5x927R3vX9PafnxbfBJMlIHtEWBo8XTK3xgFe09fZSrREiiLrexRz5CE
+1euKhaCHDhByuj0yeru4DmnwVoZieavshP3Pj6vnZJuKDedvVJ0dYrLxQ2qoYMRi
+96+kput9royypVud+9BdF2JBUfMBGItvaRBOZb7KKLUZW9BcCXJdrc8ti17oGfW1
+F1uL6ho5CanOXzv82HMICrAcUEeJSg6bnFw42wIDAQABAoIBAD1sB+VrIwrUNY1U
+Ms9MStx0i6S4grdmtODGCdgvOyUh9uXfLF/FRRiWbcXHR46iZUl7VbEWtdV5/9Tz
+ChVO5Dx9yLWYI/kmFzDWk+zmWUIyisrERKovQbjLpUKeLAUHmr73WQOGgsNLkhEQ
+ysxgzpbi/peD413J1mEAgEjaTD8PfLFgpCFWKGeEuS8Rku7tqq9E6tssUmEWZmMV
+sJVxZgfEwyYl5UNv3IKDqKZ+IB/hf0aVDhhjX8rMQ8wAoi5B7OuDGHJiUFAiOe3X
+lzUem0HEqlDsQpE6/BWXAp8O5mMiZUjo6OBZ3kXwyJZCHvVfvjp8Hlafbg+ovf2I
+AFdsD3ECgYEA22xxIti9yhZdX6PquriYPXLdQVEdToBLf25ljh1/hTQX77zkmQey
+Yh0/d471SoCCU7AP3ku28BhMh5svyGp8yt6KQ2GYLwzNC9VJlDtHu9mHAFjaYgFM
+EIdcA42kNXenjNKJG7IfVQMjnSI2Dxjuk8NQT43y+J9HqX140YG4tY8CgYEAyhDw
+fP8zxLvd93WpAxkZRmVXwSy7RGVdzwwcc3k/u9ESiVLNkmUHsb9T1P1eBC/Hie8F
+k+wJtbNjCRsXJZaqGJmsAecEFprbhWX1Vmx69bfyTsMSNo4dI+piCqp+ZjjZQTRH
+X1W9lZt640n1WlfJJviEGifzkNVh+T1fxoqsmfUCgYAX/FaxtHeqq58xYT27g4pA
+zVmaVj+Z4TRfjbXUPy09ZmBneIKUp968Eu5pJ1tw9XNJqqlRZ31r6XwUJsamZd2W
+X5VFoFl+ayvO61XLul8xDapQQ2Y76GBkPie0y7rzjUzne+w49tOt+1XdS2wVYmhS
+Bru0tpOk0eSHhou6ey+xyQKBgGLhIy2nnGebHyVm+EvBznJ6SRUIlKMFj4AwBwQi
+wyNfTdjRIjOPKNK8M4O4cHdQAi7nPi2ChcXagI4GKa+FKLtdB6TurTt6kA2ZNRMT
+hqATYYlVP+ZeaLgYi914TN4s13Nm574pMNqy+NGccWnCJ3bgiZRbFH89S/IxLFr1
+pTy5AoGATJ9WRBxpXpGsPMZHZgW6h4OLLEOkls2v1UQ8KvIUwgalRl1hP1wpQJRo
+qwdsGp5eif13LwTtVB9SPFJiaBPv9r9AoidVBx91GP+J9ykCtIilXXsCayX6lBtY
+kWfMDyidhOGN5mBtFBkw6NRiMqCckBXl6rMjayO865gG3YFcEH8=
+-----END RSA PRIVATE KEY-----
diff --git a/coro/http/demo/h2_s2n_server.py b/coro/http/demo/h2_s2n_server.py
@@ -0,0 +1,22 @@
+import coro
+import coro.ssl.s2n
+import coro.http.h2
+import coro.backdoor
+
+cfg = coro.ssl.s2n.Config()
+cfg.add_cert_chain_and_key (
+    open ('cert/server.crt').read(),
+    open ('cert/server.raw.key').read()
+)
+cfg.add_dhparams (open ('cert/dhparam.pem').read())
+cfg.set_cipher_preferences ('default')
+cfg.set_protocol_preferences (['h2', 'http/1.1'])
+#cfg.set_protocol_preferences (['http/1.1'])
+
+server = coro.http.h2.h2_s2n_server (cfg)
+server.push_handler (coro.http.handlers.favicon_handler())
+server.push_handler (coro.http.handlers.coro_status_handler())
+server.push_handler (coro.http.handlers.listdir_handler ('../../..'))
+coro.spawn (server.start, ('0.0.0.0', 8443))
+coro.spawn (coro.backdoor.serve, unix_path='/tmp/h2s.bd')
+coro.event_loop (30.0)
diff --git a/coro/http/demo/h2_server.py b/coro/http/demo/h2_server.py
@@ -0,0 +1,33 @@
+import coro
+import coro.ssl
+import coro.http.spdy
+import coro.backdoor
+from pygments_handler import pygments_handler
+
+# note: firefox will not connect to openssl h2 server unless you set
+#  'network.http.spdy.enforce-tls-profile' to false. [see about:config]
+#  chrome works, though.
+# according to https://nghttp2.org/blog/2014/09/15/host-lucid-erlang-http-slash-2-server/
+#  this is because AEAD is missing.
+
+# god how I love openssl.
+cipher_suite = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
+
+ctx = coro.ssl.new_ctx (
+    cert=coro.ssl.x509 (open ('cert/server.crt').read()),
+    key=coro.ssl.pkey (open ('cert/server.key').read(), '', True),
+    alpn_protos=['h2', 'http/1.1'],
+    proto='tlsv2',
+    ciphers = cipher_suite,
+    dhparam=coro.ssl.dh_param (open ('cert/dhparam.pem').read()),
+)
+
+server = coro.http.h2.h2_openssl_server (ctx)
+server.push_handler (coro.http.handlers.favicon_handler())
+server.push_handler (coro.http.handlers.coro_status_handler())
+lh = coro.http.handlers.listdir_handler ('../../..')
+ph = pygments_handler (lh)
+server.push_handler (ph)
+coro.spawn (server.start, ('0.0.0.0', 8443))
+coro.spawn (coro.backdoor.serve, unix_path='/tmp/h2s.bd')
+coro.event_loop (30.0)
diff --git a/coro/http/demo/pygments_handler.py b/coro/http/demo/pygments_handler.py
@@ -0,0 +1,61 @@
+# -*- Mode: Python -*-
+
+import coro
+from coro.http.handlers import file_handler
+
+import pygments
+import pygments.lexer
+import pygments.lexers
+import pygments.formatters
+import pygments.util
+
+from coro.log import Facility
+
+LOG = Facility ('pygments_handler')
+
+# unfortunately there doesn't seem to be any way to
+#  stream data to the lexer, it needs the entire file
+#  in a string.
+
+class pygments_request_wrapper:
+
+    def __init__ (self, req, lex):
+        self._req = req
+        self._lex = lex
+        self._data = []
+
+    def __getattr__ (self, name):
+        return getattr (self._req, name)
+
+    def push (self, data):
+        self._data.append (data)
+
+    def done (self):
+        form = pygments.formatters.get_formatter_by_name ('html', full=True)
+        self._req.reply_headers.set_one ('content-type', 'text/html', override=True)
+        self._req.set_deflate()
+        code = b''.join (self._data)
+        form.format (pygments.lex (code, self._lex), self)
+        self._req.done()
+
+    def write (self, data):
+        if type(data) is unicode:
+            self._req.push (data.encode ('utf8'))
+        else:
+            self._req.push (data)
+
+class pygments_handler:
+
+    def __init__ (self, inner_handler):
+        self.inner_handler = inner_handler
+
+    def match (self, req):
+        return self.inner_handler.match (req)
+
+    def handle_request (self, req):
+        try:
+            lex = pygments.lexers.get_lexer_for_filename (req.path)
+            req = pygments_request_wrapper (req, lex)
+        except pygments.util.ClassNotFound:
+            pass
+        self.inner_handler.handle_request (req)
diff --git a/coro/http/demo/s2n_server.py b/coro/http/demo/s2n_server.py
@@ -0,0 +1,21 @@
+import coro
+import coro.ssl.s2n
+import coro.http.spdy
+import coro.backdoor
+
+cfg = coro.ssl.s2n.Config()
+cfg.add_cert_chain_and_key (
+    open ('cert/server.crt').read(),
+    open ('cert/server.raw.key').read()
+)
+cfg.add_dhparams (open ('cert/dhparam.pem').read())
+cfg.set_cipher_preferences ('default')
+cfg.set_protocol_preferences (['spdy/3.1', 'http/1.1'])
+
+server = coro.http.spdy.spdy_s2n_server (cfg)
+server.push_handler (coro.http.handlers.favicon_handler())
+server.push_handler (coro.http.handlers.coro_status_handler())
+server.push_handler (coro.http.handlers.file_handler ('.'))
+coro.spawn (server.start, ('0.0.0.0', 7443))
+coro.spawn (coro.backdoor.serve, unix_path='/tmp/spdys.bd')
+coro.event_loop (30.0)
diff --git a/coro/http/demo/spdy_client.py b/coro/http/demo/spdy_client.py
@@ -10,15 +10,13 @@
 W = coro.write_stderr
 
 ctx = coro.ssl.new_ctx (
-    # cert=coro.ssl.x509 (open ('cert/server.crt').read()),
-    # key=coro.ssl.pkey (open ('cert/server.key').read(), '', True),
-    next_protos=['spdy/2', 'http/1.1'],
-    proto='tlsv1',
+    #next_protos=['spdy/3.1', 'http/1.1'],
+    alpn_protos=['spdy/3.1', 'http/1.1'],
+    proto='tlsv2',
 )
 
 def t0():
     global ctx, s, c
-    # ctx = coro.ssl.new_ctx (proto='tlsv1', next_protos=['spdy/2', 'http/1.1'])
     s = coro.ssl.sock (ctx)
     c = spdy_client ('127.0.0.1', 9443, s)
     W ('negotiated: %r\n' % (s.ssl.get_next_protos_negotiated(),))
@@ -31,4 +29,5 @@ def t0():
 
 if __name__ == '__main__':
     coro.spawn (coro.backdoor.serve, unix_path='/tmp/spdy_client.bd')
+    coro.spawn (t0)
     coro.event_loop (30.0)
diff --git a/coro/http/demo/spdy_server.py b/coro/http/demo/spdy_server.py
@@ -6,13 +6,15 @@
 ctx = coro.ssl.new_ctx (
     cert=coro.ssl.x509 (open ('cert/server.crt').read()),
     key=coro.ssl.pkey (open ('cert/server.key').read(), '', True),
-    next_protos=['spdy/3', 'http/1.1'],
-    proto='tlsv1',
+    #next_protos=['spdy/3.1', 'http/1.1'],
+    alpn_protos=['h2'], #'http/1.1'],
+    proto='tlsv2',
 )
 
 server = coro.http.spdy.spdy_openssl_server (ctx)
 server.push_handler (coro.http.handlers.favicon_handler())
 server.push_handler (coro.http.handlers.coro_status_handler())
-coro.spawn (server.start, ('0.0.0.0', 9443))
+server.push_handler (coro.http.handlers.file_handler ('.'))
+coro.spawn (server.start, ('0.0.0.0', 8443))
 coro.spawn (coro.backdoor.serve, unix_path='/tmp/spdys.bd')
 coro.event_loop (30.0)