Hi Rich,

you see the ALPN handling in curl's log output. Specifically:

>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
>> * ALPN: offers h2,http/1.1

This means that curl offers the server to talk 'h2' (preferred) or 'http/1.1'. 
This is as it is supposed to be. Then:

>> * ALPN: server accepted http/1.1

which means the server selected 'http/1.1' from the list of protocols offered 
by curl. Which is a choice by the server alone.

If you wonder if your local curl can do HTTP/2 properly, just run

> curl -v https://curl.se -o /dev/null

and you should see the line:

  * ALPN: server accepted h2

Hope this helps,
Stefan

> Am 28.07.2023 um 10:15 schrieb Richard W.M. Jones via curl-library 
> <curl-library@lists.haxx.se>:
> 
> On Fri, Jul 28, 2023 at 08:47:45AM +0100, Richard W.M. Jones via curl-library 
> wrote:
>> curl-8.1.2-1.fc39.x86_64
> 
> This is how this version of curl was compiled, if that matters:
> 
> https://kojipkgs.fedoraproject.org//packages/curl/8.1.2/1.fc39/data/logs/x86_64/build.log
> 
> (search down a bit for the ./configure line)
> 
> I have this version of libnghttp2:
> 
> libnghttp2-1.55.0-1.fc39.x86_64
> 
>> I'm trying to force HTTP/2 to a particular server in my program (to
>> test multiplexing).  For some reason the server always falls back to
>> HTTP/1.1, even when I use CURL_HTTP_VERSION_2_0 or
>> CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE.
>> 
>> Actually it happens at the command line too, see below.
>> 
>> Why is this?
>> 
>> $ curl -v -I --http2 
>> https://gemmei.ftp.acc.umu.se/images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2
>>  % Total    % Received % Xferd  Average Speed   Time    Time     Time  
>> Current
>>                                 Dload  Upload   Total   Spent    Left  Speed
>>  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     
>> 0*   Trying [2001:6b0:19::137]:443...
>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
>> * ALPN: offers h2,http/1.1
>> } [5 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> } [512 bytes data]
>> *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> *  CApath: none
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> { [122 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
>> { [21 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Certificate (11):
>> { [4564 bytes data]
>> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
>> { [264 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Finished (20):
>> { [36 bytes data]
>> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
>> } [1 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Finished (20):
>> } [36 bytes data]
>> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
>> * ALPN: server accepted http/1.1
> 
> I read about ALPN, which seems incredibly complicated and confusing.
> I wonder if curl could print some more debugging about why a
> particular protocol was selected?
> 
> Rich.
> 
>> * Server certificate:
>> *  subject: CN=ftp.acc.umu.se
>> *  start date: Jul 11 21:18:48 2023 GMT
>> *  expire date: Oct  9 21:18:47 2023 GMT
>> *  subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's 
>> "gemmei.ftp.acc.umu.se"
>> *  issuer: C=US; O=Let's Encrypt; CN=R3
>> *  SSL certificate verify ok.
>> * using HTTP/1.1
>> } [5 bytes data]
>>> HEAD 
>>> /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2
>>>  HTTP/1.1
>>> Host: gemmei.ftp.acc.umu.se
>>> User-Agent: curl/8.1.2
>>> Accept: */*
>>> 
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * old SSL session ID is stale, removing
>> { [5 bytes data]
>> < HTTP/1.1 200 OK
>> < Date: Fri, 28 Jul 2023 07:34:29 GMT
>> < Server: Apache/2.4.55 (Unix)
>> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> < Content-Length: 378874880
>> < Accept-Ranges: bytes
>> < Age: 357
>> < 
>>  0  361M    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
>> * Connection #0 to host gemmei.ftp.acc.umu.se left intact
>> HTTP/1.1 200 OK
>> Date: Fri, 28 Jul 2023 07:34:29 GMT
>> Server: Apache/2.4.55 (Unix)
>> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> Content-Length: 378874880
>> Accept-Ranges: bytes
>> Age: 357
>> 
>> 
>> Rich.
>> 
>> -- 
>> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
>> Read my programming and virtualization blog: http://rwmj.wordpress.com
>> libguestfs lets you edit virtual machines.  Supports shell scripting,
>> bindings from many languages.  http://libguestfs.org
> 
>>  % Total    % Received % Xferd  Average Speed   Time    Time     Time  
>> Current
>>                                 Dload  Upload   Total   Spent    Left  Speed
>>  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     
>> 0*   Trying [2001:6b0:19::137]:443...
>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
>> * ALPN: offers h2,http/1.1
>> } [5 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> } [512 bytes data]
>> *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> *  CApath: none
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> { [122 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
>> { [21 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Certificate (11):
>> { [4564 bytes data]
>> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
>> { [264 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Finished (20):
>> { [36 bytes data]
>> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
>> } [1 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Finished (20):
>> } [36 bytes data]
>> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
>> * ALPN: server accepted http/1.1
>> * Server certificate:
>> *  subject: CN=ftp.acc.umu.se
>> *  start date: Jul 11 21:18:48 2023 GMT
>> *  expire date: Oct  9 21:18:47 2023 GMT
>> *  subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's 
>> "gemmei.ftp.acc.umu.se"
>> *  issuer: C=US; O=Let's Encrypt; CN=R3
>> *  SSL certificate verify ok.
>> * using HTTP/1.1
>> } [5 bytes data]
>>> HEAD 
>>> /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2
>>>  HTTP/1.1
>>> Host: gemmei.ftp.acc.umu.se
>>> User-Agent: curl/8.1.2
>>> Accept: */*
>>> 
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * old SSL session ID is stale, removing
>> { [5 bytes data]
>> < HTTP/1.1 200 OK
>> < Date: Fri, 28 Jul 2023 07:34:29 GMT
>> < Server: Apache/2.4.55 (Unix)
>> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> < Content-Length: 378874880
>> < Accept-Ranges: bytes
>> < Age: 357
>> < 
>>  0  361M    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
>> * Connection #0 to host gemmei.ftp.acc.umu.se left intact
>> HTTP/1.1 200 OK
>> Date: Fri, 28 Jul 2023 07:34:29 GMT
>> Server: Apache/2.4.55 (Unix)
>> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> Content-Length: 378874880
>> Accept-Ranges: bytes
>> Age: 357
>> 
> 
>> -- 
>> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
>> Etiquette:   https://curl.se/mail/etiquette.html
> 
> 
> -- 
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-builder quickly builds VMs from scratch
> http://libguestfs.org/virt-builder.1.html
> 
> -- 
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
> Etiquette:   https://curl.se/mail/etiquette.html


-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Reply via email to