diff -u --recursive modules/ssl/mod_ssl.c modules/ssl.npn/mod_ssl.c
--- modules/ssl/mod_ssl.c	2012-10-07 08:39:16.000000000 +0200
+++ modules/ssl.npn/mod_ssl.c	2013-08-05 13:18:17.000000000 +0200
@@ -237,6 +237,18 @@
     AP_END_CMD
 };
 
+/* Implement 'modssl_run_npn_advertise_protos_hook'. */
+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
+    modssl, AP, int, npn_advertise_protos_hook,
+    (conn_rec *connection, apr_array_header_t *protos),
+    (connection, protos), OK, DECLINED);
+
+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
+    modssl, AP, int, npn_proto_negotiated_hook,
+    (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
+    (connection, proto_name, proto_name_len), OK, DECLINED);
+
 /*
  *  the various processing hooks
  */
diff -u --recursive modules/ssl/mod_ssl.h modules/ssl.npn/mod_ssl.h
--- modules/ssl/mod_ssl.h	2013-08-05 13:17:34.000000000 +0200
+++ modules/ssl.npn/mod_ssl.h	2013-08-05 13:18:17.000000000 +0200
@@ -64,5 +64,26 @@
 
 APR_DECLARE_OPTIONAL_FN(apr_array_header_t *, ssl_extlist_by_oid, (request_rec *r, const char *oidstr));
 
+/** The npn_advertise_protos optional hook allows other modules to add entries
+ * to the list of protocol names advertised by the server during the Next
+ * Protocol Negotiation (NPN) portion of the SSL handshake.  The hook callee is
+ * given the connection and an APR array; it should push one or more char*'s
+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
+ * the array and return OK, or do nothing and return DECLINED. */
+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
+                          (conn_rec *connection, apr_array_header_t *protos));
+
+/** The npn_proto_negotiated optional hook allows other modules to discover the
+ * name of the protocol that was chosen during the Next Protocol Negotiation
+ * (NPN) portion of the SSL handshake.  Note that this may be the empty string
+ * (in which case modules should probably assume HTTP), or it may be a protocol
+ * that was never even advertised by the server.  The hook callee is given the
+ * connection, a non-null-terminated string containing the protocol name, and
+ * the length of the string; it should do something appropriate (i.e. insert or
+ * remove filters) and return OK, or do nothing and return DECLINED. */
+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
+                          (conn_rec *connection, const char *proto_name,
+                           apr_size_t proto_name_len));
+
 #endif /* __MOD_SSL_H__ */
 /** @} */
diff -u --recursive modules/ssl/ssl_engine_init.c modules/ssl.npn/ssl_engine_init.c
--- modules/ssl/ssl_engine_init.c	2013-06-26 23:07:06.000000000 +0200
+++ modules/ssl.npn/ssl_engine_init.c	2013-08-05 13:18:17.000000000 +0200
@@ -601,6 +601,11 @@
     SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);
 
     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
+
+#ifdef HAVE_TLS_NPN
+    SSL_CTX_set_next_protos_advertised_cb(
+        ctx, ssl_callback_AdvertiseNextProtos, NULL);
+#endif
 }
 
 static void ssl_init_ctx_verify(server_rec *s,
diff -u --recursive modules/ssl/ssl_engine_io.c modules/ssl.npn/ssl_engine_io.c
--- modules/ssl/ssl_engine_io.c	2013-06-27 19:24:58.000000000 +0200
+++ modules/ssl.npn/ssl_engine_io.c	2013-08-05 13:18:17.000000000 +0200
@@ -338,6 +338,7 @@
     apr_pool_t *pool;
     char buffer[AP_IOBUFSIZE];
     ssl_filter_ctx_t *filter_ctx;
+    int npn_finished;  /* 1 if NPN has finished, 0 otherwise */
 } bio_filter_in_ctx_t;
 
 /*
@@ -1448,6 +1449,27 @@
         APR_BRIGADE_INSERT_TAIL(bb, bucket);
     }
 
+#ifdef HAVE_TLS_NPN
+    /* By this point, Next Protocol Negotiation (NPN) should be completed (if
+     * our version of OpenSSL supports it).  If we haven't already, find out
+     * which protocol was decided upon and inform other modules by calling
+     * npn_proto_negotiated_hook. */
+    if (!inctx->npn_finished) {
+        const unsigned char *next_proto = NULL;
+        unsigned next_proto_len = 0;
+
+        SSL_get0_next_proto_negotiated(
+            inctx->ssl, &next_proto, &next_proto_len);
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
+                      "SSL NPN negotiated protocol: '%s'",
+                      apr_pstrmemdup(f->c->pool, (const char*)next_proto,
+                                     next_proto_len));
+        modssl_run_npn_proto_negotiated_hook(
+            f->c, (const char*)next_proto, next_proto_len);
+        inctx->npn_finished = 1;
+    }
+#endif
+
     return APR_SUCCESS;
 }
 
@@ -1792,6 +1814,7 @@
     inctx->block = APR_BLOCK_READ;
     inctx->pool = c->pool;
     inctx->filter_ctx = filter_ctx;
+    inctx->npn_finished = 0;
 }
 
 void ssl_io_filter_init(conn_rec *c, SSL *ssl)
diff -u --recursive modules/ssl/ssl_engine_kernel.c modules/ssl.npn/ssl_engine_kernel.c
--- modules/ssl/ssl_engine_kernel.c	2013-02-15 16:50:37.000000000 +0100
+++ modules/ssl.npn/ssl_engine_kernel.c	2013-08-05 13:23:20.000000000 +0200
@@ -2109,3 +2109,85 @@
     return 0;
 }
 #endif
+
+#ifdef HAVE_TLS_NPN
+/*
+ * This callback function is executed when SSL needs to decide what protocols
+ * to advertise during Next Protocol Negotiation (NPN).  It must produce a
+ * string in wire format -- a sequence of length-prefixed strings -- indicating
+ * the advertised protocols.  Refer to SSL_CTX_set_next_protos_advertised_cb
+ * in OpenSSL for reference.
+ */
+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
+                                     unsigned int *size_out, void *arg)
+{
+    conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
+    apr_array_header_t *protos;
+    int num_protos;
+    unsigned int size;
+    int i;
+    unsigned char *data;
+    unsigned char *start;
+
+    *data_out = NULL;
+    *size_out = 0;
+
+    /* If the connection object is not available, then there's nothing for us
+     * to do. */
+    if (c == NULL) {
+        return SSL_TLSEXT_ERR_OK;
+    }
+
+    /* Invoke our npn_advertise_protos hook, giving other modules a chance to
+     * add alternate protocol names to advertise. */
+    protos = apr_array_make(c->pool, 0, sizeof(char*));
+    modssl_run_npn_advertise_protos_hook(c, protos);
+    num_protos = protos->nelts;
+
+    /* We now have a list of null-terminated strings; we need to concatenate
+     * them together into a single string, where each protocol name is prefixed
+     * by its length.  First, calculate how long that string will be. */
+    size = 0;
+    for (i = 0; i < num_protos; ++i) {
+        const char *string = APR_ARRAY_IDX(protos, i, const char*);
+        apr_size_t length = strlen(string);
+        /* If the protocol name is too long (the length must fit in one byte),
+         * then log an error and skip it. */
+        if (length > 255) {
+            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+                          "SSL NPN protocol name too long (length=%u): %s",
+                          length, string);
+            continue;
+        }
+        /* Leave room for the length prefix (one byte) plus the protocol name
+         * itself. */
+        size += 1 + length;
+    }
+
+    /* If there is nothing to advertise (either because no modules added
+     * anything to the protos array, or because all strings added to the array
+     * were skipped), then we're done. */
+    if (size == 0) {
+        return SSL_TLSEXT_ERR_OK;
+    }
+
+    /* Now we can build the string.  Copy each protocol name string into the
+     * larger string, prefixed by its length. */
+    data = apr_palloc(c->pool, size * sizeof(unsigned char));
+    start = data;
+    for (i = 0; i < num_protos; ++i) {
+        const char *string = APR_ARRAY_IDX(protos, i, const char*);
+        apr_size_t length = strlen(string);
+        /* If the protocol name is too long then skip it. */
+        if (length > 255) continue;
+        *start++ = (unsigned char)length;
+        memcpy(start, string, length * sizeof(unsigned char));
+        start += length;
+    }
+
+    /* Success. */
+    *data_out = data;
+    *size_out = size;
+    return SSL_TLSEXT_ERR_OK;
+}
+#endif
diff -u --recursive modules/ssl/ssl_private.h modules/ssl.npn/ssl_private.h
--- modules/ssl/ssl_private.h	2013-02-15 16:50:37.000000000 +0100
+++ modules/ssl.npn/ssl_private.h	2013-08-05 13:18:17.000000000 +0200
@@ -635,6 +635,7 @@
 #ifndef OPENSSL_NO_TLSEXT
 int          ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
 #endif
+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
 
 /**  Session Cache Support  */
 void         ssl_scache_init(server_rec *, apr_pool_t *);
diff -u --recursive modules/ssl/ssl_toolkit_compat.h modules/ssl.npn/ssl_toolkit_compat.h
--- modules/ssl/ssl_toolkit_compat.h	2012-08-17 19:30:46.000000000 +0200
+++ modules/ssl.npn/ssl_toolkit_compat.h	2013-08-05 13:22:02.000000000 +0200
@@ -145,6 +145,11 @@
 #define HAVE_FIPS
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
+    && !defined(OPENSSL_NO_TLSEXT)
+#define HAVE_TLS_NPN
+#endif
+
 #ifndef PEM_F_DEF_CALLBACK
 #ifdef PEM_F_PEM_DEF_CALLBACK
 /** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */