Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTP/2 not used with most SSL backends in 7.76 (to be fixed in 7.76.1 - April 14th) #6825

Closed
icebluey opened this issue Apr 1, 2021 · 7 comments

Comments

@icebluey
Copy link

icebluey commented Apr 1, 2021

# curl-http3 -vI --http2 https://www.cloudflare.com/
*   Trying 2606:4700::6810:7c60:443...
* Connected to www.cloudflare.com (2606:4700::6810:7c60) port 443 (#0)
* ALPN, offering http/1.1
* SSL connection using TLS1.3 / ECDHE_RSA_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
> HEAD / HTTP/1.1
> Host: www.cloudflare.com
> User-Agent: curl/7.76.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK


# curl-http3 -vI --http2-prior-knowledge https://www.cloudflare.com/
*   Trying 2606:4700::6810:7b60:443...
* Connected to www.cloudflare.com (2606:4700::6810:7b60) port 443 (#0)
* ALPN, offering http/1.1
* SSL connection using TLS1.3 / ECDHE_RSA_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
> HEAD / HTTP/1.1
> Host: www.cloudflare.com
> User-Agent: curl/7.76.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK

[curl -V output]

# curl-http3 -V
curl 7.76.0 (x86_64-pc-linux-gnu) libcurl/7.76.0 GnuTLS/3.7.1 zlib/1.2.11 brotli/1.0.9 zstd/1.4.9 c-ares/1.17.1 libidn2/2.3.0 libssh2/1.9.0 nghttp2/1.43.0 ngtcp2/0.1.0-DEV nghttp3/0.1.0-DEV
Release-Date: 2021-03-31
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: alt-svc AsynchDNS brotli HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets zstd

@bagder
Copy link
Member

bagder commented Apr 1, 2021

You don't need the --http2 option. curl does HTTP/2 by default over HTTPS. Apparently it doesn't work with GnuTLS... ?

bagder added a commit that referenced this issue Apr 1, 2021
Regression since 88dd1a8 (shipped in 7.76.0)
Reported-by: Kenneth Davidson
Fixes #6825
@bagder bagder changed the title Cannot offer h2 Cannot offer h2 with GnuTLS Apr 1, 2021
@romamik
Copy link

romamik commented Apr 1, 2021

Same behavior with mbedtls. And same fix in mbedtls.c fixes the problem.

@icebluey
Copy link
Author

icebluey commented Apr 1, 2021

You don't need the --http2 option. curl does HTTP/2 by default over HTTPS. Apparently it doesn't work with GnuTLS... ?

Yes, it doesn't offer h2 whether I use --http2 option or not.

@bagder
Copy link
Member

bagder commented Apr 1, 2021

Same behavior with mbedtls

and a bunch of other TLS backends too... 😢 Time for me to ponder if this is reason enough for a patch release within soon!

bagder added a commit that referenced this issue Apr 1, 2021
for GnuTLS, BearSSL, mbedTLS, NSS, SChannnel, Secure Transport and
wolfSSL...

Regression since 88dd1a8 (shipped in 7.76.0)
Reported-by: Kenneth Davidson
Fixes #6825
@jay
Copy link
Member

jay commented Apr 1, 2021

If you're going to do that I would wait the week to see if anything else comes up.

@bagder
Copy link
Member

bagder commented Apr 1, 2021

Absolutely. But I also think I can at least wait until the weekend before we make the call if we do a patch release or not.

@jay
Copy link
Member

jay commented Apr 1, 2021

Sure. I meant wait the regular time which is about a week or something like that.

@bagder bagder closed this as completed in f573998 Apr 2, 2021
@jay jay changed the title Cannot offer h2 with GnuTLS HTTP/2 not used with most SSL backends in 7.76 (to be fixed in 7.76.1 - April 14th) Apr 7, 2021
@jay jay pinned this issue Apr 7, 2021
@bagder bagder unpinned this issue Apr 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging a pull request may close this issue.

4 participants