Re: H2: interoperability issue due to lack of CONTINUATION frame support

2019-02-07 Thread Lukas Tribus
Hello, On Sat, 1 Sep 2018 at 20:02, Lukas Tribus wrote: > > Hi Willy, > > > haproxy is currently unable to handle CONTINUATION [1] frames (see > commit 61290ec77 - [2]). > > If a client emits a CONTINUATION frame, we will break the connection > and send GOAWAY due to INTERNAL_ERROR. This of cour

Re: H2: interoperability issue due to lack of CONTINUATION frame support

2018-09-02 Thread Willy Tarreau
On Sun, Sep 02, 2018 at 09:24:33PM +0200, Lukas Tribus wrote: > Hello, > > > On Sun, 2 Sep 2018 at 17:24, Willy Tarreau wrote: > > > > Hi Lukas, > > > > On Sun, Sep 02, 2018 at 11:55:29AM +0200, Lukas Tribus wrote: > > > Ok. I think with OpenSSL 1.1.1 we may be able to configure ALPN > > > diffe

Re: H2: interoperability issue due to lack of CONTINUATION frame support

2018-09-02 Thread Lukas Tribus
Hello, On Sun, 2 Sep 2018 at 17:24, Willy Tarreau wrote: > > Hi Lukas, > > On Sun, Sep 02, 2018 at 11:55:29AM +0200, Lukas Tribus wrote: > > Ok. I think with OpenSSL 1.1.1 we may be able to configure ALPN > > differently for RSA vs ECC certificates (of the same hostname), so by > > not enabling

Re: H2: interoperability issue due to lack of CONTINUATION frame support

2018-09-02 Thread Willy Tarreau
Hi Lukas, On Sun, Sep 02, 2018 at 11:55:29AM +0200, Lukas Tribus wrote: > Ok. I think with OpenSSL 1.1.1 we may be able to configure ALPN > differently for RSA vs ECC certificates (of the same hostname), so by > not enabling h2 on RSA certificates, we basically disable H2 for > Chrome on Windows X

Re: H2: interoperability issue due to lack of CONTINUATION frame support

2018-09-02 Thread Lukas Tribus
Hello Willy, On Sat, 1 Sep 2018 at 21:00, Willy Tarreau wrote: > I wanted to address it but the CONTINUATION frame is the worst design > mistake of the H2 protocol and results in layering violations which > make it particularly problematic to implement. In short, while all > frames are independa

Re: H2: interoperability issue due to lack of CONTINUATION frame support

2018-09-01 Thread Willy Tarreau
Hi Lukas, On Sat, Sep 01, 2018 at 08:02:45PM +0200, Lukas Tribus wrote: > Hi Willy, > > > haproxy is currently unable to handle CONTINUATION [1] frames (see > commit 61290ec77 - [2]). > > If a client emits a CONTINUATION frame, we will break the connection > and send GOAWAY due to INTERNAL_ERRO

H2: interoperability issue due to lack of CONTINUATION frame support

2018-09-01 Thread Lukas Tribus
Hi Willy, haproxy is currently unable to handle CONTINUATION [1] frames (see commit 61290ec77 - [2]). If a client emits a CONTINUATION frame, we will break the connection and send GOAWAY due to INTERNAL_ERROR. This of course leads to interoperability issues. Notably, older Chrome/Chromium relea