Hi Rich, you see the ALPN handling in curl's log output. Specifically:
>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0) >> * ALPN: offers h2,http/1.1 This means that curl offers the server to talk 'h2' (preferred) or 'http/1.1'. This is as it is supposed to be. Then: >> * ALPN: server accepted http/1.1 which means the server selected 'http/1.1' from the list of protocols offered by curl. Which is a choice by the server alone. If you wonder if your local curl can do HTTP/2 properly, just run > curl -v https://curl.se -o /dev/null and you should see the line: * ALPN: server accepted h2 Hope this helps, Stefan > Am 28.07.2023 um 10:15 schrieb Richard W.M. Jones via curl-library > <curl-library@lists.haxx.se>: > > On Fri, Jul 28, 2023 at 08:47:45AM +0100, Richard W.M. Jones via curl-library > wrote: >> curl-8.1.2-1.fc39.x86_64 > > This is how this version of curl was compiled, if that matters: > > https://kojipkgs.fedoraproject.org//packages/curl/8.1.2/1.fc39/data/logs/x86_64/build.log > > (search down a bit for the ./configure line) > > I have this version of libnghttp2: > > libnghttp2-1.55.0-1.fc39.x86_64 > >> I'm trying to force HTTP/2 to a particular server in my program (to >> test multiplexing). For some reason the server always falls back to >> HTTP/1.1, even when I use CURL_HTTP_VERSION_2_0 or >> CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE. >> >> Actually it happens at the command line too, see below. >> >> Why is this? >> >> $ curl -v -I --http2 >> https://gemmei.ftp.acc.umu.se/images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 >> % Total % Received % Xferd Average Speed Time Time Time >> Current >> Dload Upload Total Spent Left Speed >> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- >> 0* Trying [2001:6b0:19::137]:443... >> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0) >> * ALPN: offers h2,http/1.1 >> } [5 bytes data] >> * TLSv1.3 (OUT), TLS handshake, Client hello (1): >> } [512 bytes data] >> * CAfile: /etc/pki/tls/certs/ca-bundle.crt >> * CApath: none >> { [5 bytes data] >> * TLSv1.3 (IN), TLS handshake, Server hello (2): >> { [122 bytes data] >> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): >> { [21 bytes data] >> * TLSv1.3 (IN), TLS handshake, Certificate (11): >> { [4564 bytes data] >> * TLSv1.3 (IN), TLS handshake, CERT verify (15): >> { [264 bytes data] >> * TLSv1.3 (IN), TLS handshake, Finished (20): >> { [36 bytes data] >> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): >> } [1 bytes data] >> * TLSv1.3 (OUT), TLS handshake, Finished (20): >> } [36 bytes data] >> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 >> * ALPN: server accepted http/1.1 > > I read about ALPN, which seems incredibly complicated and confusing. > I wonder if curl could print some more debugging about why a > particular protocol was selected? > > Rich. > >> * Server certificate: >> * subject: CN=ftp.acc.umu.se >> * start date: Jul 11 21:18:48 2023 GMT >> * expire date: Oct 9 21:18:47 2023 GMT >> * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's >> "gemmei.ftp.acc.umu.se" >> * issuer: C=US; O=Let's Encrypt; CN=R3 >> * SSL certificate verify ok. >> * using HTTP/1.1 >> } [5 bytes data] >>> HEAD >>> /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 >>> HTTP/1.1 >>> Host: gemmei.ftp.acc.umu.se >>> User-Agent: curl/8.1.2 >>> Accept: */* >>> >> { [5 bytes data] >> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): >> { [249 bytes data] >> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): >> { [249 bytes data] >> * old SSL session ID is stale, removing >> { [5 bytes data] >> < HTTP/1.1 200 OK >> < Date: Fri, 28 Jul 2023 07:34:29 GMT >> < Server: Apache/2.4.55 (Unix) >> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT >> < Content-Length: 378874880 >> < Accept-Ranges: bytes >> < Age: 357 >> < >> 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 >> * Connection #0 to host gemmei.ftp.acc.umu.se left intact >> HTTP/1.1 200 OK >> Date: Fri, 28 Jul 2023 07:34:29 GMT >> Server: Apache/2.4.55 (Unix) >> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT >> Content-Length: 378874880 >> Accept-Ranges: bytes >> Age: 357 >> >> >> Rich. >> >> -- >> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones >> Read my programming and virtualization blog: http://rwmj.wordpress.com >> libguestfs lets you edit virtual machines. Supports shell scripting, >> bindings from many languages. http://libguestfs.org > >> % Total % Received % Xferd Average Speed Time Time Time >> Current >> Dload Upload Total Spent Left Speed >> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- >> 0* Trying [2001:6b0:19::137]:443... >> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0) >> * ALPN: offers h2,http/1.1 >> } [5 bytes data] >> * TLSv1.3 (OUT), TLS handshake, Client hello (1): >> } [512 bytes data] >> * CAfile: /etc/pki/tls/certs/ca-bundle.crt >> * CApath: none >> { [5 bytes data] >> * TLSv1.3 (IN), TLS handshake, Server hello (2): >> { [122 bytes data] >> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): >> { [21 bytes data] >> * TLSv1.3 (IN), TLS handshake, Certificate (11): >> { [4564 bytes data] >> * TLSv1.3 (IN), TLS handshake, CERT verify (15): >> { [264 bytes data] >> * TLSv1.3 (IN), TLS handshake, Finished (20): >> { [36 bytes data] >> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): >> } [1 bytes data] >> * TLSv1.3 (OUT), TLS handshake, Finished (20): >> } [36 bytes data] >> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 >> * ALPN: server accepted http/1.1 >> * Server certificate: >> * subject: CN=ftp.acc.umu.se >> * start date: Jul 11 21:18:48 2023 GMT >> * expire date: Oct 9 21:18:47 2023 GMT >> * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's >> "gemmei.ftp.acc.umu.se" >> * issuer: C=US; O=Let's Encrypt; CN=R3 >> * SSL certificate verify ok. >> * using HTTP/1.1 >> } [5 bytes data] >>> HEAD >>> /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 >>> HTTP/1.1 >>> Host: gemmei.ftp.acc.umu.se >>> User-Agent: curl/8.1.2 >>> Accept: */* >>> >> { [5 bytes data] >> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): >> { [249 bytes data] >> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): >> { [249 bytes data] >> * old SSL session ID is stale, removing >> { [5 bytes data] >> < HTTP/1.1 200 OK >> < Date: Fri, 28 Jul 2023 07:34:29 GMT >> < Server: Apache/2.4.55 (Unix) >> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT >> < Content-Length: 378874880 >> < Accept-Ranges: bytes >> < Age: 357 >> < >> 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 >> * Connection #0 to host gemmei.ftp.acc.umu.se left intact >> HTTP/1.1 200 OK >> Date: Fri, 28 Jul 2023 07:34:29 GMT >> Server: Apache/2.4.55 (Unix) >> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT >> Content-Length: 378874880 >> Accept-Ranges: bytes >> Age: 357 >> > >> -- >> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library >> Etiquette: https://curl.se/mail/etiquette.html > > > -- > Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones > Read my programming and virtualization blog: http://rwmj.wordpress.com > virt-builder quickly builds VMs from scratch > http://libguestfs.org/virt-builder.1.html > > -- > Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library > Etiquette: https://curl.se/mail/etiquette.html -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
