Re: Does anyone actually use HTTP_1_1_REQUIRED or HTTP_VERSION_FALLBACK?

There is also an analog to the renegotiate + certifiable request pattern in
TLS 1.3 which is similarly HTTP/2-incompatible. I don't think TLS 1.3
changes anything about the situation.

On Tue, May 23, 2023, 10:47 Bence Béky <bnc@chromium.org> wrote:

> Hi Lucas,
>
> Chrome had also been seeing it in the context of NTLM (and there were
> complaints that Chrome would not try HTTP/2 again afterwards), see
> https://crbug.com/516237, https://crbug.com/685741 and
> https://crbug.com/713851. Discussion was most active in 2017, and the
> last comment is from 2021, not sure how often HTTP_1_1_REQUIRED is
> still being used. Unfortunately Chrome does not record error codes of
> incoming RST_STREAM frames in HTTP/2.
>
> Bence
>
> On Tue, May 23, 2023 at 10:37 AM Daniel Stenberg <daniel@haxx.se> wrote:
> >
> > On Tue, 23 May 2023, Lucas Pardue wrote:
> >
> > > I thought I'd ask here to crowdsource some answers about whether these
> codes
> > > are actually used in practice.
> >
> > In curl we have certainly seen HTTP_1_1_REQUIRED used in the past and we
> have
> > support for it in code (and nghttp2 knows about it can can return info
> that it
> > arrived). I can't say how often or even if it still actually is used in
> the
> > wild.
> >
> > The last report I find now of a server returning it was in March 2019
> (because
> > curl misbehaved). Used for downgrading from HTTP/2 to be able to do
> NTLM...
> >
> > --
> >
> >   / daniel.haxx.se
> >
>
>

Received on Tuesday, 23 May 2023 14:50:30 UTC