Dear willy: I am a follower of haproxy. I tested HTTP/2 fuction in haproxy_1.8.17 with the tool h2spec, but some test cases failed. I wonder if those are bugs for haproxy. See the tool here https://github.com/summerwind/h2spec .
Those failed cases are as follow: gaohd@host:~/.golang/gopath/src/github.com/summerwind/h2spec$./h2spec http2 -h www.axddos.com -p 443 -t -k Failures: Generic tests for HTTP/2 server 3. Frame Definitions 3.10. CONTINUATION × 1: Sends a CONTINUATION frame -> The endpoint MUST accept CONTINUATION frame. Expected: HEADERS Frame (stream_id:1) Actual: Connection closed × 2: Sends multiple CONTINUATION frames -> The endpoint MUST accept multiple CONTINUATION frames. Expected: HEADERS Frame (stream_id:1) Actual: Connection closed 4. HTTP Message Exchanges × 4: Sends a POST request with trailers -> The endpoint MUST respond to the request. Expected: HEADERS Frame (stream_id:1) Actual: Connection closed Hypertext Transfer Protocol Version 2 (HTTP/2) 4. HTTP Frames 4.2. Frame Size × 3: Sends a large size HEADERS frame that exceeds the SETTINGS_MAX_FRAME_SIZE -> The endpoint MUST respond with a connection error of type FRAME_SIZE_ERROR. Expected: GOAWAY Frame (Error Code: FRAME_SIZE_ERROR) Connection closed Actual: DATA Frame (length:624, flags:0x01, stream_id:1) 5. Streams and Multiplexing 5.1. Stream States × 13: closed: Sends a CONTINUATION frame -> The endpoint MUST treat this as a connection error of type STREAM_CLOSED. Expected: GOAWAY Frame (Error Code: STREAM_CLOSED) GOAWAY Frame (Error Code: PROTOCOL_ERROR) Connection closed Actual: RST_STREAM Frame (length:4, flags:0x00, stream_id:1) 6. Frame Definitions 6.10. CONTINUATION × 1: Sends multiple CONTINUATION frames preceded by a HEADERS frame -> The endpoint must accept the frame. Expected: HEADERS Frame (stream_id:1) Actual: Connection closed × 4: Sends a CONTINUATION frame preceded by a HEADERS frame with END_HEADERS flag -> The endpoint MUST respond with a connection error of type PROTOCOL_ERROR. Expected: GOAWAY Frame (Error Code: PROTOCOL_ERROR) Connection closed Actual: RST_STREAM Frame (length:4, flags:0x00, stream_id:1) 8. HTTP Message Exchanges 8.1. HTTP Request/Response Exchange 8.1.2. HTTP Header Fields 8.1.2.6. Malformed Requests and Responses × 1: Sends a HEADERS frame with the "content-length" header field which does not equal the DATA frame payload length -> The endpoint MUST treat this as a stream error of type PROTOCOL_ERROR. Expected: GOAWAY Frame (Error Code: PROTOCOL_ERROR) RST_STREAM Frame (Error Code: PROTOCOL_ERROR) Connection closed Actual: DATA Frame (length:182, flags:0x01, stream_id:1) × 2: Sends a HEADERS frame with the "content-length" header field which does not equal the sum of the multiple DATA frames payload length -> The endpoint MUST treat this as a stream error of type PROTOCOL_ERROR. Expected: GOAWAY Frame (Error Code: PROTOCOL_ERROR) RST_STREAM Frame (Error Code: PROTOCOL_ERROR) Connection closed Actual: DATA Frame (length:182, flags:0x01, stream_id:1) HPACK: Header Compression for HTTP/2 6. Binary Format 6.3. Dynamic Table Size Update × 1: Sends a dynamic table size update larger than the value of SETTINGS_HEADER_TABLE_SIZE -> The endpoint MUST treat this as a decoding error. Expected: GOAWAY Frame (Error Code: COMPRESSION_ERROR) Connection closed Actual: DATA Frame (length:624, flags:0x01, stream_id:1) Finished in 18.9586 seconds 145 tests, 135 passed, 0 skipped, 10 failed And haproxy info: ./haproxy -vv HA-Proxy version 1.8.17 2019/01/08 Copyright 2000-2019 Willy Tarreau <wi...@haproxy.org> Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-format-truncation -Wno-null-dereference -Wno-unused-label OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 USE_TFO=1 USE_NS=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with OpenSSL version : OpenSSL 1.1.0g 2 Nov 2017 Running on OpenSSL version : OpenSSL 1.1.0g 2 Nov 2017 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Encrypted password support via crypt(3): yes Built with multi-threading support. Built with PCRE version : 8.39 2016-06-14 Running on PCRE version : 8.39 2016-06-14 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with zlib version : 1.2.11 Running on zlib version : 1.2.11 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with network namespace support. Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available filters : [SPOE] spoe [COMP] compression [TRACE] trace