On Fri, Jul 28, 2023 at 11:12:35AM +0200, Stefan Eissing wrote: > Hi Rich, > > you see the ALPN handling in curl's log output. Specifically: > > >> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0) > >> * ALPN: offers h2,http/1.1 > > This means that curl offers the server to talk 'h2' (preferred) or > 'http/1.1'. This is as it is supposed to be. Then:
Oh I see. The phrasing is ambiguous though, perhaps the debug message could be: * ALPN: client offers h2,http/1.1 > >> * ALPN: server accepted http/1.1 > > which means the server selected 'http/1.1' from the list of protocols offered > by curl. Which is a choice by the server alone. > > If you wonder if your local curl can do HTTP/2 properly, just run > > > curl -v https://curl.se -o /dev/null > > and you should see the line: > > * ALPN: server accepted h2 Yes, that works, thanks. Rich. > Hope this helps, > Stefan > > > Am 28.07.2023 um 10:15 schrieb Richard W.M. Jones via curl-library > > <curl-library@lists.haxx.se>: > > > > On Fri, Jul 28, 2023 at 08:47:45AM +0100, Richard W.M. Jones via > > curl-library wrote: > >> curl-8.1.2-1.fc39.x86_64 > > > > This is how this version of curl was compiled, if that matters: > > > > https://kojipkgs.fedoraproject.org//packages/curl/8.1.2/1.fc39/data/logs/x86_64/build.log > > > > (search down a bit for the ./configure line) > > > > I have this version of libnghttp2: > > > > libnghttp2-1.55.0-1.fc39.x86_64 > > > >> I'm trying to force HTTP/2 to a particular server in my program (to > >> test multiplexing). For some reason the server always falls back to > >> HTTP/1.1, even when I use CURL_HTTP_VERSION_2_0 or > >> CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE. > >> > >> Actually it happens at the command line too, see below. > >> > >> Why is this? > >> > >> $ curl -v -I --http2 > >> https://gemmei.ftp.acc.umu.se/images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 > >> % Total % Received % Xferd Average Speed Time Time Time > >> Current > >> Dload Upload Total Spent Left > >> Speed > >> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > >> 0* Trying [2001:6b0:19::137]:443... > >> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0) > >> * ALPN: offers h2,http/1.1 > >> } [5 bytes data] > >> * TLSv1.3 (OUT), TLS handshake, Client hello (1): > >> } [512 bytes data] > >> * CAfile: /etc/pki/tls/certs/ca-bundle.crt > >> * CApath: none > >> { [5 bytes data] > >> * TLSv1.3 (IN), TLS handshake, Server hello (2): > >> { [122 bytes data] > >> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): > >> { [21 bytes data] > >> * TLSv1.3 (IN), TLS handshake, Certificate (11): > >> { [4564 bytes data] > >> * TLSv1.3 (IN), TLS handshake, CERT verify (15): > >> { [264 bytes data] > >> * TLSv1.3 (IN), TLS handshake, Finished (20): > >> { [36 bytes data] > >> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): > >> } [1 bytes data] > >> * TLSv1.3 (OUT), TLS handshake, Finished (20): > >> } [36 bytes data] > >> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 > >> * ALPN: server accepted http/1.1 > > > > I read about ALPN, which seems incredibly complicated and confusing. > > I wonder if curl could print some more debugging about why a > > particular protocol was selected? > > > > Rich. > > > >> * Server certificate: > >> * subject: CN=ftp.acc.umu.se > >> * start date: Jul 11 21:18:48 2023 GMT > >> * expire date: Oct 9 21:18:47 2023 GMT > >> * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's > >> "gemmei.ftp.acc.umu.se" > >> * issuer: C=US; O=Let's Encrypt; CN=R3 > >> * SSL certificate verify ok. > >> * using HTTP/1.1 > >> } [5 bytes data] > >>> HEAD > >>> /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 > >>> HTTP/1.1 > >>> Host: gemmei.ftp.acc.umu.se > >>> User-Agent: curl/8.1.2 > >>> Accept: */* > >>> > >> { [5 bytes data] > >> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): > >> { [249 bytes data] > >> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): > >> { [249 bytes data] > >> * old SSL session ID is stale, removing > >> { [5 bytes data] > >> < HTTP/1.1 200 OK > >> < Date: Fri, 28 Jul 2023 07:34:29 GMT > >> < Server: Apache/2.4.55 (Unix) > >> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT > >> < Content-Length: 378874880 > >> < Accept-Ranges: bytes > >> < Age: 357 > >> < > >> 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > >> 0 > >> * Connection #0 to host gemmei.ftp.acc.umu.se left intact > >> HTTP/1.1 200 OK > >> Date: Fri, 28 Jul 2023 07:34:29 GMT > >> Server: Apache/2.4.55 (Unix) > >> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT > >> Content-Length: 378874880 > >> Accept-Ranges: bytes > >> Age: 357 > >> > >> > >> Rich. > >> > >> -- > >> Richard Jones, Virtualization Group, Red Hat > >> http://people.redhat.com/~rjones > >> Read my programming and virtualization blog: http://rwmj.wordpress.com > >> libguestfs lets you edit virtual machines. Supports shell scripting, > >> bindings from many languages. http://libguestfs.org > > > >> % Total % Received % Xferd Average Speed Time Time Time > >> Current > >> Dload Upload Total Spent Left > >> Speed > >> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > >> 0* Trying [2001:6b0:19::137]:443... > >> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0) > >> * ALPN: offers h2,http/1.1 > >> } [5 bytes data] > >> * TLSv1.3 (OUT), TLS handshake, Client hello (1): > >> } [512 bytes data] > >> * CAfile: /etc/pki/tls/certs/ca-bundle.crt > >> * CApath: none > >> { [5 bytes data] > >> * TLSv1.3 (IN), TLS handshake, Server hello (2): > >> { [122 bytes data] > >> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): > >> { [21 bytes data] > >> * TLSv1.3 (IN), TLS handshake, Certificate (11): > >> { [4564 bytes data] > >> * TLSv1.3 (IN), TLS handshake, CERT verify (15): > >> { [264 bytes data] > >> * TLSv1.3 (IN), TLS handshake, Finished (20): > >> { [36 bytes data] > >> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): > >> } [1 bytes data] > >> * TLSv1.3 (OUT), TLS handshake, Finished (20): > >> } [36 bytes data] > >> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 > >> * ALPN: server accepted http/1.1 > >> * Server certificate: > >> * subject: CN=ftp.acc.umu.se > >> * start date: Jul 11 21:18:48 2023 GMT > >> * expire date: Oct 9 21:18:47 2023 GMT > >> * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's > >> "gemmei.ftp.acc.umu.se" > >> * issuer: C=US; O=Let's Encrypt; CN=R3 > >> * SSL certificate verify ok. > >> * using HTTP/1.1 > >> } [5 bytes data] > >>> HEAD > >>> /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 > >>> HTTP/1.1 > >>> Host: gemmei.ftp.acc.umu.se > >>> User-Agent: curl/8.1.2 > >>> Accept: */* > >>> > >> { [5 bytes data] > >> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): > >> { [249 bytes data] > >> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): > >> { [249 bytes data] > >> * old SSL session ID is stale, removing > >> { [5 bytes data] > >> < HTTP/1.1 200 OK > >> < Date: Fri, 28 Jul 2023 07:34:29 GMT > >> < Server: Apache/2.4.55 (Unix) > >> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT > >> < Content-Length: 378874880 > >> < Accept-Ranges: bytes > >> < Age: 357 > >> < > >> 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > >> 0 > >> * Connection #0 to host gemmei.ftp.acc.umu.se left intact > >> HTTP/1.1 200 OK > >> Date: Fri, 28 Jul 2023 07:34:29 GMT > >> Server: Apache/2.4.55 (Unix) > >> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT > >> Content-Length: 378874880 > >> Accept-Ranges: bytes > >> Age: 357 > >> > > > >> -- > >> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library > >> Etiquette: https://curl.se/mail/etiquette.html > > > > > > -- > > Richard Jones, Virtualization Group, Red Hat > > http://people.redhat.com/~rjones > > Read my programming and virtualization blog: http://rwmj.wordpress.com > > virt-builder quickly builds VMs from scratch > > http://libguestfs.org/virt-builder.1.html > > > > -- > > Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library > > Etiquette: https://curl.se/mail/etiquette.html > -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 100 libraries supported. http://fedoraproject.org/wiki/MinGW -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
