Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Curl (or server) offers HTTP/2 but falls back to HTTP/1.1
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Stefan Eissing via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 28 Jul 2023 11:12:35 +0200
Hi Rich,
you see the ALPN handling in curl's log output. Specifically:
>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
>> * ALPN: offers h2,http/1.1
This means that curl offers the server to talk 'h2' (preferred) or 'http/1.1'. This is as it is supposed to be. Then:
>> * ALPN: server accepted http/1.1
which means the server selected 'http/1.1' from the list of protocols offered by curl. Which is a choice by the server alone.
If you wonder if your local curl can do HTTP/2 properly, just run
> curl -v https://curl.se -o /dev/null
and you should see the line:
* ALPN: server accepted h2
Hope this helps,
Stefan
> Am 28.07.2023 um 10:15 schrieb Richard W.M. Jones via curl-library <curl-library_at_lists.haxx.se>:
>
> On Fri, Jul 28, 2023 at 08:47:45AM +0100, Richard W.M. Jones via curl-library wrote:
>> curl-8.1.2-1.fc39.x86_64
>
> This is how this version of curl was compiled, if that matters:
>
> https://kojipkgs.fedoraproject.org//packages/curl/8.1.2/1.fc39/data/logs/x86_64/build.log
>
> (search down a bit for the ./configure line)
>
> I have this version of libnghttp2:
>
> libnghttp2-1.55.0-1.fc39.x86_64
>
>> I'm trying to force HTTP/2 to a particular server in my program (to
>> test multiplexing). For some reason the server always falls back to
>> HTTP/1.1, even when I use CURL_HTTP_VERSION_2_0 or
>> CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE.
>>
>> Actually it happens at the command line too, see below.
>>
>> Why is this?
>>
>> $ curl -v -I --http2 https://gemmei.ftp.acc.umu.se/images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2
>> % Total % Received % Xferd Average Speed Time Time Time Current
>> Dload Upload Total Spent Left Speed
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying [2001:6b0:19::137]:443...
>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
>> * ALPN: offers h2,http/1.1
>> } [5 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> } [512 bytes data]
>> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> * CApath: none
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> { [122 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
>> { [21 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Certificate (11):
>> { [4564 bytes data]
>> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
>> { [264 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Finished (20):
>> { [36 bytes data]
>> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
>> } [1 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Finished (20):
>> } [36 bytes data]
>> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
>> * ALPN: server accepted http/1.1
>
> I read about ALPN, which seems incredibly complicated and confusing.
> I wonder if curl could print some more debugging about why a
> particular protocol was selected?
>
> Rich.
>
>> * Server certificate:
>> * subject: CN=ftp.acc.umu.se
>> * start date: Jul 11 21:18:48 2023 GMT
>> * expire date: Oct 9 21:18:47 2023 GMT
>> * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's "gemmei.ftp.acc.umu.se"
>> * issuer: C=US; O=Let's Encrypt; CN=R3
>> * SSL certificate verify ok.
>> * using HTTP/1.1
>> } [5 bytes data]
>>> HEAD /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 HTTP/1.1
>>> Host: gemmei.ftp.acc.umu.se
>>> User-Agent: curl/8.1.2
>>> Accept: */*
>>>
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * old SSL session ID is stale, removing
>> { [5 bytes data]
>> < HTTP/1.1 200 OK
>> < Date: Fri, 28 Jul 2023 07:34:29 GMT
>> < Server: Apache/2.4.55 (Unix)
>> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> < Content-Length: 378874880
>> < Accept-Ranges: bytes
>> < Age: 357
>> <
>> 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
>> * Connection #0 to host gemmei.ftp.acc.umu.se left intact
>> HTTP/1.1 200 OK
>> Date: Fri, 28 Jul 2023 07:34:29 GMT
>> Server: Apache/2.4.55 (Unix)
>> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> Content-Length: 378874880
>> Accept-Ranges: bytes
>> Age: 357
>>
>>
>> Rich.
>>
>> --
>> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
>> Read my programming and virtualization blog: http://rwmj.wordpress.com
>> libguestfs lets you edit virtual machines. Supports shell scripting,
>> bindings from many languages. http://libguestfs.org
>
>> % Total % Received % Xferd Average Speed Time Time Time Current
>> Dload Upload Total Spent Left Speed
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying [2001:6b0:19::137]:443...
>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
>> * ALPN: offers h2,http/1.1
>> } [5 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> } [512 bytes data]
>> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> * CApath: none
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> { [122 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
>> { [21 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Certificate (11):
>> { [4564 bytes data]
>> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
>> { [264 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Finished (20):
>> { [36 bytes data]
>> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
>> } [1 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Finished (20):
>> } [36 bytes data]
>> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
>> * ALPN: server accepted http/1.1
>> * Server certificate:
>> * subject: CN=ftp.acc.umu.se
>> * start date: Jul 11 21:18:48 2023 GMT
>> * expire date: Oct 9 21:18:47 2023 GMT
>> * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's "gemmei.ftp.acc.umu.se"
>> * issuer: C=US; O=Let's Encrypt; CN=R3
>> * SSL certificate verify ok.
>> * using HTTP/1.1
>> } [5 bytes data]
>>> HEAD /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 HTTP/1.1
>>> Host: gemmei.ftp.acc.umu.se
>>> User-Agent: curl/8.1.2
>>> Accept: */*
>>>
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * old SSL session ID is stale, removing
>> { [5 bytes data]
>> < HTTP/1.1 200 OK
>> < Date: Fri, 28 Jul 2023 07:34:29 GMT
>> < Server: Apache/2.4.55 (Unix)
>> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> < Content-Length: 378874880
>> < Accept-Ranges: bytes
>> < Age: 357
>> <
>> 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
>> * Connection #0 to host gemmei.ftp.acc.umu.se left intact
>> HTTP/1.1 200 OK
>> Date: Fri, 28 Jul 2023 07:34:29 GMT
>> Server: Apache/2.4.55 (Unix)
>> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> Content-Length: 378874880
>> Accept-Ranges: bytes
>> Age: 357
>>
>
>> --
>> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
>> Etiquette: https://curl.se/mail/etiquette.html
>
>
> --
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-builder quickly builds VMs from scratch
> http://libguestfs.org/virt-builder.1.html
>
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
> Etiquette: https://curl.se/mail/etiquette.html
Date: Fri, 28 Jul 2023 11:12:35 +0200
Hi Rich,
you see the ALPN handling in curl's log output. Specifically:
>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
>> * ALPN: offers h2,http/1.1
This means that curl offers the server to talk 'h2' (preferred) or 'http/1.1'. This is as it is supposed to be. Then:
>> * ALPN: server accepted http/1.1
which means the server selected 'http/1.1' from the list of protocols offered by curl. Which is a choice by the server alone.
If you wonder if your local curl can do HTTP/2 properly, just run
> curl -v https://curl.se -o /dev/null
and you should see the line:
* ALPN: server accepted h2
Hope this helps,
Stefan
> Am 28.07.2023 um 10:15 schrieb Richard W.M. Jones via curl-library <curl-library_at_lists.haxx.se>:
>
> On Fri, Jul 28, 2023 at 08:47:45AM +0100, Richard W.M. Jones via curl-library wrote:
>> curl-8.1.2-1.fc39.x86_64
>
> This is how this version of curl was compiled, if that matters:
>
> https://kojipkgs.fedoraproject.org//packages/curl/8.1.2/1.fc39/data/logs/x86_64/build.log
>
> (search down a bit for the ./configure line)
>
> I have this version of libnghttp2:
>
> libnghttp2-1.55.0-1.fc39.x86_64
>
>> I'm trying to force HTTP/2 to a particular server in my program (to
>> test multiplexing). For some reason the server always falls back to
>> HTTP/1.1, even when I use CURL_HTTP_VERSION_2_0 or
>> CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE.
>>
>> Actually it happens at the command line too, see below.
>>
>> Why is this?
>>
>> $ curl -v -I --http2 https://gemmei.ftp.acc.umu.se/images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2
>> % Total % Received % Xferd Average Speed Time Time Time Current
>> Dload Upload Total Spent Left Speed
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying [2001:6b0:19::137]:443...
>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
>> * ALPN: offers h2,http/1.1
>> } [5 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> } [512 bytes data]
>> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> * CApath: none
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> { [122 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
>> { [21 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Certificate (11):
>> { [4564 bytes data]
>> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
>> { [264 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Finished (20):
>> { [36 bytes data]
>> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
>> } [1 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Finished (20):
>> } [36 bytes data]
>> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
>> * ALPN: server accepted http/1.1
>
> I read about ALPN, which seems incredibly complicated and confusing.
> I wonder if curl could print some more debugging about why a
> particular protocol was selected?
>
> Rich.
>
>> * Server certificate:
>> * subject: CN=ftp.acc.umu.se
>> * start date: Jul 11 21:18:48 2023 GMT
>> * expire date: Oct 9 21:18:47 2023 GMT
>> * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's "gemmei.ftp.acc.umu.se"
>> * issuer: C=US; O=Let's Encrypt; CN=R3
>> * SSL certificate verify ok.
>> * using HTTP/1.1
>> } [5 bytes data]
>>> HEAD /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 HTTP/1.1
>>> Host: gemmei.ftp.acc.umu.se
>>> User-Agent: curl/8.1.2
>>> Accept: */*
>>>
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * old SSL session ID is stale, removing
>> { [5 bytes data]
>> < HTTP/1.1 200 OK
>> < Date: Fri, 28 Jul 2023 07:34:29 GMT
>> < Server: Apache/2.4.55 (Unix)
>> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> < Content-Length: 378874880
>> < Accept-Ranges: bytes
>> < Age: 357
>> <
>> 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
>> * Connection #0 to host gemmei.ftp.acc.umu.se left intact
>> HTTP/1.1 200 OK
>> Date: Fri, 28 Jul 2023 07:34:29 GMT
>> Server: Apache/2.4.55 (Unix)
>> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> Content-Length: 378874880
>> Accept-Ranges: bytes
>> Age: 357
>>
>>
>> Rich.
>>
>> --
>> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
>> Read my programming and virtualization blog: http://rwmj.wordpress.com
>> libguestfs lets you edit virtual machines. Supports shell scripting,
>> bindings from many languages. http://libguestfs.org
>
>> % Total % Received % Xferd Average Speed Time Time Time Current
>> Dload Upload Total Spent Left Speed
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying [2001:6b0:19::137]:443...
>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
>> * ALPN: offers h2,http/1.1
>> } [5 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> } [512 bytes data]
>> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> * CApath: none
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> { [122 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
>> { [21 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Certificate (11):
>> { [4564 bytes data]
>> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
>> { [264 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Finished (20):
>> { [36 bytes data]
>> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
>> } [1 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Finished (20):
>> } [36 bytes data]
>> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
>> * ALPN: server accepted http/1.1
>> * Server certificate:
>> * subject: CN=ftp.acc.umu.se
>> * start date: Jul 11 21:18:48 2023 GMT
>> * expire date: Oct 9 21:18:47 2023 GMT
>> * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's "gemmei.ftp.acc.umu.se"
>> * issuer: C=US; O=Let's Encrypt; CN=R3
>> * SSL certificate verify ok.
>> * using HTTP/1.1
>> } [5 bytes data]
>>> HEAD /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 HTTP/1.1
>>> Host: gemmei.ftp.acc.umu.se
>>> User-Agent: curl/8.1.2
>>> Accept: */*
>>>
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * old SSL session ID is stale, removing
>> { [5 bytes data]
>> < HTTP/1.1 200 OK
>> < Date: Fri, 28 Jul 2023 07:34:29 GMT
>> < Server: Apache/2.4.55 (Unix)
>> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> < Content-Length: 378874880
>> < Accept-Ranges: bytes
>> < Age: 357
>> <
>> 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
>> * Connection #0 to host gemmei.ftp.acc.umu.se left intact
>> HTTP/1.1 200 OK
>> Date: Fri, 28 Jul 2023 07:34:29 GMT
>> Server: Apache/2.4.55 (Unix)
>> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> Content-Length: 378874880
>> Accept-Ranges: bytes
>> Age: 357
>>
>
>> --
>> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
>> Etiquette: https://curl.se/mail/etiquette.html
>
>
> --
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-builder quickly builds VMs from scratch
> http://libguestfs.org/virt-builder.1.html
>
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
> Etiquette: https://curl.se/mail/etiquette.html
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-07-28