Hi,
you may already know that HTTP/2 clients use ALPN to advertise support
for HTTP/2 when TLS is used.
The issue is this: When mod_http2 is enabled, Apache sends an
"Upgrade: h2" response header to clients that have *not* advertised
support for HTTP/2 (clients that speak only HTTP/1.x).
I think that this is wrong, because of this sentence in RFC 7540:
A server MUST ignore an "h2" token in an Upgrade header field.
Presence of a token with "h2" implies HTTP/2 over TLS, which is
instead negotiated as described in Section 3.3.
What do you think about this issue, and what do you think about the
attached patch in bug 59311?
Regards,
Michael
