- From: Lucas Pardue <lucaspardue.24.7@gmail.com>
- Date: Tue, 23 May 2023 17:13:35 +0100
- To: Valentin Gosu <valentin.gosu@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CALGR9oadCg78BSMFPRFBB7pLaYmroukP8-3=uL5kzB7-H_QavQ@mail.gmail.com>
Wow, thanks for all the replies folks. Didn't expect so many, so fast. One thing that stands out to me is that I didn't ask whether you send/receive HTTP_1_1_REQUIRED in RST_STREAM or GOAWAY. If I'm reading correctly, Valentin's link into the Firefox source indicates it's a special case for GOAWAY but not RST_STREAM. However, it sounds like in the NTLM case at least it would be send in RST_STREAM? Cheers, Lucas On Tue, May 23, 2023 at 4:49 PM Valentin Gosu <valentin.gosu@gmail.com> wrote: > Hi Lucas, > > > In Firefox we handle both HTTP_1_1_REQUIRED > <https://searchfox.org/mozilla-central/rev/2d678a843ceab81e43f7ffb83212197dc10e944a/netwerk/protocol/http/Http2Session.cpp#2203-2205,2219-2221> > and HTTP_VERSION_FALLBACK > <https://searchfox.org/mozilla-central/rev/2d678a843ceab81e43f7ffb83212197dc10e944a/netwerk/protocol/http/Http3Session.cpp#1327,1331-1333> > . > > For HTTP_1_1_REQUIRED we only have telemetry > <https://searchfox.org/mozilla-central/rev/2d678a843ceab81e43f7ffb83212197dc10e944a/netwerk/protocol/http/Http2Session.cpp#248> > for beta versions - but we've seen exactly 0 instances of this happening. > > Similarly for HTTP3 > <https://searchfox.org/mozilla-central/rev/2d678a843ceab81e43f7ffb83212197dc10e944a/netwerk/protocol/http/Http3Session.cpp#2262> > there are no records in telemetry of ever receiving HTTP_VERSION_FALLBACK > from a server, even in release versions. > > > Cheers, > > Valentin > > On Tue, 23 May 2023 at 17:24, Lucas Pardue <lucaspardue.24.7@gmail.com> > wrote: > >> Hi all, >> >> HTTP/2 defines the error code HTTP_1_1_REQUIRED with the description "The >> endpoint requires that HTTP/1.1 be used instead of HTTP/2.". The only >> mention of this error code is in Section 9.2.1 that describes TLS 1.2 and >> HTTP/2 and says >> >> > This effectively prevents the use of renegotiation in response to a >> request for a specific protected resource. A future specification might >> provide a way to support this use case. Alternatively, a server might use >> an error (Section 5.4) of type HTTP_1_1_REQUIRED to request that the client >> use a protocol that supports renegotiation. >> >> I was curious if anyone uses it this way. With the advent of TLS 1.3, I >> presume an HTTP client wouldn't address this specific problem of >> renogitation problem, so a client might need to do more complex logic. Or >> it doesn't because nobody actually handles the situation as the RFC >> describes it might happen. >> >> HTTP/3 defines the error HTTP_VERION_FALLBACK with the description "The >> requested operation cannot be served over HTTP/3. The peer should retry >> over HTTP/1.1.". There is no example of how this error code might be used. >> >> I thought I'd ask here to crowdsource some answers about whether these >> codes are actually used in practice. >> >> In some circumstances, when dealing with a semantic or application error, >> resetting a stream with an error code instead of serving an HTTP response >> with an error status can be problematic. The circumstances under which >> HTTP_1_1_REQUIRED or HTTP_VERSION_FALLBACK could feasibly happen seem >> rather niche and might actually be alright. I'm trying to get a sense of >> that. >> >> Cheers >> Lucas >> >
Received on Tuesday, 23 May 2023 16:13:52 UTC