curl-users
Re: Getting SSL or TLS?
Date: Wed, 11 May 2016 15:03:54 -0400
On 5/11/2016 5:45 AM, Gisle Vanem via curl-users wrote:
> Daniel Stenberg wrote:
>
>> A modern curl version (built with OpenSSL) outputs a line like this in the verbose output to help users figure it out:
>>
>> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
> With 'curl -v https://www.ssllabs.com/ssltest/viewMyClient.html', I
> also get the same:
>
> * ALPN, offering h2
> * ALPN, offering http/1.1
> ...
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
> * ALPN, server did not agree to a protocol
>
> Not sure I understand why the ALPN "fails" in libcurl (Win-10/MSVC,
> OpenSSL/1.1.0). This "Application Layer Protocol Negotiation" works
> fine in my Google Chrome:
> Application Layer Protocol Negotiation Yes h2 spdy/3.1 http/1.1
>
> Is building with 'USE_NGHTTP2' required for this feature to work?
>
> The page:
> https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation
>
> says "It is used by HTTP/2". It doesn't says "HTTP/2" is required.
> So I'm confused.
>
If USE_NGHTTP2 is not defined then h2 isn't offered via ALPN. The
nghttp2 library is required by libcurl to use http2.
That site does not accept http2 (server did not agree to a protocol)
however if USE_NGHTTP2 then it was offered and you should be able to see
in your output that libcurl sent ALPN offering both h2 and http/1.1. If
USE_NGHTTP2 was not defined then only http/1.1 would be offered.
When http2 is accepted you should see "ALPN, server accepted to use h2".
For example https://http2.golang.org and also their server says
congratulations, you're using http2.
curl 7.48.0 (i386-pc-win32) libcurl/7.48.0 OpenSSL/1.0.2h nghttp2/1.10.0
curl --silent https://www.ssllabs.com/ssltest/viewMyClient.html | grep
-A6 "Application Layer Protocol Negotiation"
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-users
FAQ: https://curl.haxx.se/docs/faq.html
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-05-11