Folks,

on Tomcat 9.0 with OpenSSL I see the following with curl:
> $ curl https://dw-eng-apps-dev.innomotics.net:8444 --verbose -Ss > /dev/null
> * Uses proxy env variable NO_PROXY == 
> 'localhost,.siemens.net,.siemens.com,.siemens.de,.siemens.cloud,.siemens.io,.innomotics.net,.innomotics.com'
> * Host dw-eng-apps-dev.innomotics.net:8444 was resolved.
> * IPv6: (none)
> * IPv4: 10.64.105.136
> *   Trying 10.64.105.136:8444...
> * ALPN: curl offers h2,http/1.1
> } [5 bytes data]
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> } [512 bytes data]
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> { [122 bytes data]
> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
> { [10 bytes data]
> * TLSv1.3 (IN), TLS handshake, Certificate (11):
> { [2256 bytes data]
> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
> { [520 bytes data]
> * TLSv1.3 (IN), TLS handshake, Finished (20):
> { [52 bytes data]
> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
> } [1 bytes data]
> * TLSv1.3 (OUT), TLS handshake, Finished (20):
> } [52 bytes data]
> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF
> * ALPN: server did not agree on a protocol. Uses default.

Upgrade to h2 isn't configured, we don't need it, why doesn't Tomcat offer 
http/1.1 via ALPN and curl has to fall back?

The same with Apache HTTPd configured for http/1.1 only:
> $ curl https://dw-eng-rsc.innomotics.net --verbose
> * Uses proxy env variable NO_PROXY == 
> 'localhost,.siemens.net,.siemens.com,.siemens.de,.siemens.cloud,.siemens.io,.innomotics.net,.innomotics.com'
> * Host dw-eng-rsc.innomotics.net:443 was resolved.
> * IPv6: (none)
> * IPv4: 10.64.105.147
> *   Trying 10.64.105.147:443...
> * ALPN: curl offers h2,http/1.1
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
> * TLSv1.3 (IN), TLS handshake, Certificate (11):
> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
> * TLSv1.3 (IN), TLS handshake, Finished (20):
> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
> * TLSv1.3 (OUT), TLS handshake, Finished (20):
> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF
> * ALPN: server accepted http/1.1

Michael

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to