Re: Does anyone actually use HTTP_1_1_REQUIRED or HTTP_VERSION_FALLBACK?

> Am 23.05.2023 um 16:20 schrieb Lucas Pardue <lucaspardue.24.7@gmail.com>:
> 
> Hi all,
> 
> HTTP/2 defines the error code HTTP_1_1_REQUIRED with the description "The endpoint requires that HTTP/1.1 be used instead of HTTP/2.". The only mention of this error code is in Section 9.2.1 that describes TLS 1.2 and HTTP/2 and says
> 
> > This effectively prevents the use of renegotiation in response to a request for a specific protected resource. A future specification might provide a way to support this use case. Alternatively, a server might use an error (Section 5.4) of type HTTP_1_1_REQUIRED to request that the client use a protocol that supports renegotiation.
> 
> I was curious if anyone uses it this way. With the advent of TLS 1.3, I presume an HTTP client wouldn't address this specific problem of renogitation problem, so a client might need to do more complex logic. Or it doesn't because nobody actually handles the situation as the RFC describes it might happen.
> 
> HTTP/3 defines the error HTTP_VERION_FALLBACK with the description "The requested operation cannot be served over HTTP/3. The peer should retry over HTTP/1.1.". There is no example of how this error code might be used.
> 
> I thought I'd ask here to crowdsource some answers about whether these codes are actually used in practice. 
> 
> In some circumstances, when dealing with a semantic or application error, resetting a stream with an error code instead of serving an HTTP response with an error status can be problematic. The circumstances under which HTTP_1_1_REQUIRED or HTTP_VERSION_FALLBACK could feasibly happen seem rather niche and might actually be alright. I'm trying to get a sense of that.
> 
> Cheers
> Lucas

Apache httpd will issue a HTTP_1_1_REQUIRED when encountering a resource that wants to renegotiate TLS properties (due to how it is configured). How often that is really happening is hard to tell for us.

Cheers,
Stefan

Received on Tuesday, 23 May 2023 14:52:31 UTC