Re: Does anyone actually use HTTP_1_1_REQUIRED or HTTP_VERSION_FALLBACK?

Wow, thanks for all the replies folks. Didn't expect so many, so fast.

One thing that stands out to me is that I didn't ask whether you
send/receive HTTP_1_1_REQUIRED in RST_STREAM or GOAWAY.

If I'm reading correctly, Valentin's link into the Firefox source indicates
it's a special case for GOAWAY but not RST_STREAM. However, it sounds like
in the NTLM case at least it would be send in RST_STREAM?


On Tue, May 23, 2023 at 4:49 PM Valentin Gosu <>

> Hi Lucas,
> In Firefox we handle both HTTP_1_1_REQUIRED
> <,2219-2221>
> <,1331-1333>
> .
> For HTTP_1_1_REQUIRED we only have telemetry
> <>
> for beta versions - but we've seen exactly 0 instances of this happening.
> Similarly for HTTP3
> <>
> there are no records in telemetry of ever receiving HTTP_VERSION_FALLBACK
> from a server, even in release versions.
> Cheers,
> Valentin
> On Tue, 23 May 2023 at 17:24, Lucas Pardue <>
> wrote:
>> Hi all,
>> HTTP/2 defines the error code HTTP_1_1_REQUIRED with the description "The
>> endpoint requires that HTTP/1.1 be used instead of HTTP/2.". The only
>> mention of this error code is in Section 9.2.1 that describes TLS 1.2 and
>> HTTP/2 and says
>> > This effectively prevents the use of renegotiation in response to a
>> request for a specific protected resource. A future specification might
>> provide a way to support this use case. Alternatively, a server might use
>> an error (Section 5.4) of type HTTP_1_1_REQUIRED to request that the client
>> use a protocol that supports renegotiation.
>> I was curious if anyone uses it this way. With the advent of TLS 1.3, I
>> presume an HTTP client wouldn't address this specific problem of
>> renogitation problem, so a client might need to do more complex logic. Or
>> it doesn't because nobody actually handles the situation as the RFC
>> describes it might happen.
>> HTTP/3 defines the error HTTP_VERION_FALLBACK with the description "The
>> requested operation cannot be served over HTTP/3. The peer should retry
>> over HTTP/1.1.". There is no example of how this error code might be used.
>> I thought I'd ask here to crowdsource some answers about whether these
>> codes are actually used in practice.
>> In some circumstances, when dealing with a semantic or application error,
>> resetting a stream with an error code instead of serving an HTTP response
>> with an error status can be problematic. The circumstances under which
>> HTTP_1_1_REQUIRED or HTTP_VERSION_FALLBACK could feasibly happen seem
>> rather niche and might actually be alright. I'm trying to get a sense of
>> that.
>> Cheers
>> Lucas

Received on Tuesday, 23 May 2023 16:13:52 UTC