On Fri, Jul 28, 2023 at 08:47:45AM +0100, Richard W.M. Jones via curl-library wrote: > curl-8.1.2-1.fc39.x86_64
This is how this version of curl was compiled, if that matters: https://kojipkgs.fedoraproject.org//packages/curl/8.1.2/1.fc39/data/logs/x86_64/build.log (search down a bit for the ./configure line) I have this version of libnghttp2: libnghttp2-1.55.0-1.fc39.x86_64 > I'm trying to force HTTP/2 to a particular server in my program (to > test multiplexing). For some reason the server always falls back to > HTTP/1.1, even when I use CURL_HTTP_VERSION_2_0 or > CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE. > > Actually it happens at the command line too, see below. > > Why is this? > > $ curl -v -I --http2 > https://gemmei.ftp.acc.umu.se/images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 > % Total % Received % Xferd Average Speed Time Time Time > Current > Dload Upload Total Spent Left Speed > 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > 0* Trying [2001:6b0:19::137]:443... > * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0) > * ALPN: offers h2,http/1.1 > } [5 bytes data] > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > } [512 bytes data] > * CAfile: /etc/pki/tls/certs/ca-bundle.crt > * CApath: none > { [5 bytes data] > * TLSv1.3 (IN), TLS handshake, Server hello (2): > { [122 bytes data] > * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): > { [21 bytes data] > * TLSv1.3 (IN), TLS handshake, Certificate (11): > { [4564 bytes data] > * TLSv1.3 (IN), TLS handshake, CERT verify (15): > { [264 bytes data] > * TLSv1.3 (IN), TLS handshake, Finished (20): > { [36 bytes data] > * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): > } [1 bytes data] > * TLSv1.3 (OUT), TLS handshake, Finished (20): > } [36 bytes data] > * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 > * ALPN: server accepted http/1.1 I read about ALPN, which seems incredibly complicated and confusing. I wonder if curl could print some more debugging about why a particular protocol was selected? Rich. > * Server certificate: > * subject: CN=ftp.acc.umu.se > * start date: Jul 11 21:18:48 2023 GMT > * expire date: Oct 9 21:18:47 2023 GMT > * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's > "gemmei.ftp.acc.umu.se" > * issuer: C=US; O=Let's Encrypt; CN=R3 > * SSL certificate verify ok. > * using HTTP/1.1 > } [5 bytes data] > > HEAD > > /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 > > HTTP/1.1 > > Host: gemmei.ftp.acc.umu.se > > User-Agent: curl/8.1.2 > > Accept: */* > > > { [5 bytes data] > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): > { [249 bytes data] > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): > { [249 bytes data] > * old SSL session ID is stale, removing > { [5 bytes data] > < HTTP/1.1 200 OK > < Date: Fri, 28 Jul 2023 07:34:29 GMT > < Server: Apache/2.4.55 (Unix) > < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT > < Content-Length: 378874880 > < Accept-Ranges: bytes > < Age: 357 > < > 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 > * Connection #0 to host gemmei.ftp.acc.umu.se left intact > HTTP/1.1 200 OK > Date: Fri, 28 Jul 2023 07:34:29 GMT > Server: Apache/2.4.55 (Unix) > Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT > Content-Length: 378874880 > Accept-Ranges: bytes > Age: 357 > > > Rich. > > -- > Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones > Read my programming and virtualization blog: http://rwmj.wordpress.com > libguestfs lets you edit virtual machines. Supports shell scripting, > bindings from many languages. http://libguestfs.org > % Total % Received % Xferd Average Speed Time Time Time > Current > Dload Upload Total Spent Left Speed > 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > 0* Trying [2001:6b0:19::137]:443... > * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0) > * ALPN: offers h2,http/1.1 > } [5 bytes data] > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > } [512 bytes data] > * CAfile: /etc/pki/tls/certs/ca-bundle.crt > * CApath: none > { [5 bytes data] > * TLSv1.3 (IN), TLS handshake, Server hello (2): > { [122 bytes data] > * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): > { [21 bytes data] > * TLSv1.3 (IN), TLS handshake, Certificate (11): > { [4564 bytes data] > * TLSv1.3 (IN), TLS handshake, CERT verify (15): > { [264 bytes data] > * TLSv1.3 (IN), TLS handshake, Finished (20): > { [36 bytes data] > * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): > } [1 bytes data] > * TLSv1.3 (OUT), TLS handshake, Finished (20): > } [36 bytes data] > * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 > * ALPN: server accepted http/1.1 > * Server certificate: > * subject: CN=ftp.acc.umu.se > * start date: Jul 11 21:18:48 2023 GMT > * expire date: Oct 9 21:18:47 2023 GMT > * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's > "gemmei.ftp.acc.umu.se" > * issuer: C=US; O=Let's Encrypt; CN=R3 > * SSL certificate verify ok. > * using HTTP/1.1 > } [5 bytes data] > > HEAD > > /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 > > HTTP/1.1 > > Host: gemmei.ftp.acc.umu.se > > User-Agent: curl/8.1.2 > > Accept: */* > > > { [5 bytes data] > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): > { [249 bytes data] > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): > { [249 bytes data] > * old SSL session ID is stale, removing > { [5 bytes data] > < HTTP/1.1 200 OK > < Date: Fri, 28 Jul 2023 07:34:29 GMT > < Server: Apache/2.4.55 (Unix) > < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT > < Content-Length: 378874880 > < Accept-Ranges: bytes > < Age: 357 > < > 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 > * Connection #0 to host gemmei.ftp.acc.umu.se left intact > HTTP/1.1 200 OK > Date: Fri, 28 Jul 2023 07:34:29 GMT > Server: Apache/2.4.55 (Unix) > Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT > Content-Length: 378874880 > Accept-Ranges: bytes > Age: 357 > > -- > Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library > Etiquette: https://curl.se/mail/etiquette.html -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
