Folks,

on Tomcat 9.0 with OpenSSL I see the following with curl:

> $ curl https://dw-eng-apps-dev.innomotics.net:8444 --verbose -Ss > /dev/null
> * Uses proxy env variable NO_PROXY ==
> 'localhost,.siemens.net,.siemens.com,.siemens.de,.siemens.cloud,.siemens.io,.innomotics.net,.innomotics.com'
> * Host dw-eng-apps-dev.innomotics.net:8444 was resolved.
> * IPv6: (none)
> * IPv4: 10.64.105.136
> *   Trying 10.64.105.136:8444...
> * ALPN: curl offers h2,http/1.1
> } [5 bytes data]
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> } [512 bytes data]
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> { [122 bytes data]
> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
> { [10 bytes data]
> * TLSv1.3 (IN), TLS handshake, Certificate (11):
> { [2256 bytes data]
> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
> { [520 bytes data]
> * TLSv1.3 (IN), TLS handshake, Finished (20):
> { [52 bytes data]
> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
> } [1 bytes data]
> * TLSv1.3 (OUT), TLS handshake, Finished (20):
> } [52 bytes data]
> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF
> * ALPN: server did not agree on a protocol. Uses default.

Upgrade to h2 isn't configured, we don't need it, why doesn't Tomcat offer http/1.1 via ALPN and curl has to fall back?

The same with Apache HTTPd configured for http/1.1 only:

> $ curl https://dw-eng-rsc.innomotics.net --verbose
> * Uses proxy env variable NO_PROXY ==
> 'localhost,.siemens.net,.siemens.com,.siemens.de,.siemens.cloud,.siemens.io,.innomotics.net,.innomotics.com'
> * Host dw-eng-rsc.innomotics.net:443 was resolved.
> * IPv6: (none)
> * IPv4: 10.64.105.147
> *   Trying 10.64.105.147:443...
> * ALPN: curl offers h2,http/1.1
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
> * TLSv1.3 (IN), TLS handshake, Certificate (11):
> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
> * TLSv1.3 (IN), TLS handshake, Finished (20):
> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
> * TLSv1.3 (OUT), TLS handshake, Finished (20):
> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF
> * ALPN: server accepted http/1.1

Michael