On 9/22/2025 10:53 PM, Roy Hashimoto wrote:
I'm writing an embedded web server for an Android app with httpcore5-h2
5.3.5 and conscrypt-android 2.5.3. Because I'm using Conscrypt, I assumed
that I should use ConscryptServerTlsStrategy, but it seems that
ConscryptServerTlsStrategy always uses ALPN to try to negotiate HTTP2 with
clients, even if the server is configured for HTTP1 (either by using
AsyncServerBootstrap, or with setVersionPolicy(FORCE_HTTP_1)). This causes
connections to fail for clients that are HTTP2-capable because the client
is speaking HTTP2 and the server is not.
I can make things work by using BasicTlsServerStrategy instead as it
apparently doesn't use ALPN, but I have these questions:
* Is there a way to configure/disable ALPN with ConscryptServerTlsStrategy?
Hi Roy
I reviewed TLS ALPN related code and found out no obvious defects with
it, It _should_ work with Conscrypt as designed. One should be able to
force HTTP/1.1 only protocol support with Conscript by using
HttpVersionPolicy#FORCE_HTTP_1 protocol version.
* Is it safe to use BasicTlsServerStrategy with Conscrypt?
It should be. I think we could even deprecate all Conscrypt specific
strategies. They were needed when Java 8 did not have the TLS ALPN
support back-ported to it. Now all the latest versions of Java 8 do.
But I need to run some tests before I could be really certain.
* Am I losing anything by not using ConscryptServerTlsStrategy?
Same as above. Probably not, standard JSSE APIs should be enough these days.
As for why I don't want to allow HTTP2, this is an attempted workaround for
a separate problem I'm still investigating.
Thanks!
Roy
Hope this helps
Any help with testing HttpCore with Conscrypt would be highly appreciated.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
