Re: Is the response header "Upgrade: h2" allowed when TLS is used?

> On 19 Apr 2016, at 17:07, Cory Benfield <cory@lukasa.co.uk> wrote:
> 
> Heh, I missed that. With that note, then, I’d say that Apache should stop putting h2 in the Upgrade header on a TLS-using connection *unless* it believes that connection is for a HTTP-schemed URL, when it should put h2c.


Sorry, even that’s not right, as Section 3.3 states:

> the "h2c" protocol identifier describes a protocol that does not use TLS.

I’d say that while RFC 7540 doesn’t *explicitly* have any normative language that says you can’t do this, it has statements that “h2c” is only for cleartext, that HTTP/2 over TLS uses “h2”, and that you can’t put “h2” in an upgrade header (only the last is normative). To me, that seems to add up to “no Upgrade header in TLS”.

Cory

Received on Tuesday, 19 April 2016 16:17:57 UTC