Download
Browse source Changelog tiny-curl
Documentation
Project   Bug Bounty FAQ   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Videos Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users IRC / chat Mailing lists Everything curl [book] Video presentations Report a bug Paid support
Development
Autobuilds Code review Code style Contribute Dashboard Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl Tests Overview
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Curl (or server) offers HTTP/2 but falls back to HTTP/1.1

From: Richard W.M. Jones via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 28 Jul 2023 10:24:35 +0100

On Fri, Jul 28, 2023 at 11:12:35AM +0200, Stefan Eissing wrote:
> Hi Rich,
>
> you see the ALPN handling in curl's log output. Specifically:
>
> >> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
> >> * ALPN: offers h2,http/1.1
>
> This means that curl offers the server to talk 'h2' (preferred) or 'http/1.1'. This is as it is supposed to be. Then:

Oh I see. The phrasing is ambiguous though, perhaps the debug message
could be:

  * ALPN: client offers h2,http/1.1

> >> * ALPN: server accepted http/1.1
>
> which means the server selected 'http/1.1' from the list of protocols offered by curl. Which is a choice by the server alone.
>
> If you wonder if your local curl can do HTTP/2 properly, just run
>
> > curl -v https://curl.se -o /dev/null
>
> and you should see the line:
>
> * ALPN: server accepted h2

Yes, that works, thanks.

Rich.

> Hope this helps,
> Stefan
>
> > Am 28.07.2023 um 10:15 schrieb Richard W.M. Jones via curl-library <curl-library_at_lists.haxx.se>:
> >
> > On Fri, Jul 28, 2023 at 08:47:45AM +0100, Richard W.M. Jones via curl-library wrote:
> >> curl-8.1.2-1.fc39.x86_64
> >
> > This is how this version of curl was compiled, if that matters:
> >
> > https://kojipkgs.fedoraproject.org//packages/curl/8.1.2/1.fc39/data/logs/x86_64/build.log
> >
> > (search down a bit for the ./configure line)
> >
> > I have this version of libnghttp2:
> >
> > libnghttp2-1.55.0-1.fc39.x86_64
> >
> >> I'm trying to force HTTP/2 to a particular server in my program (to
> >> test multiplexing). For some reason the server always falls back to
> >> HTTP/1.1, even when I use CURL_HTTP_VERSION_2_0 or
> >> CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE.
> >>
> >> Actually it happens at the command line too, see below.
> >>
> >> Why is this?
> >>
> >> $ curl -v -I --http2 https://gemmei.ftp.acc.umu.se/images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2
> >> % Total % Received % Xferd Average Speed Time Time Time Current
> >> Dload Upload Total Spent Left Speed
> >> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying [2001:6b0:19::137]:443...
> >> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
> >> * ALPN: offers h2,http/1.1
> >> } [5 bytes data]
> >> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> >> } [512 bytes data]
> >> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> >> * CApath: none
> >> { [5 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> >> { [122 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
> >> { [21 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, Certificate (11):
> >> { [4564 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
> >> { [264 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, Finished (20):
> >> { [36 bytes data]
> >> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
> >> } [1 bytes data]
> >> * TLSv1.3 (OUT), TLS handshake, Finished (20):
> >> } [36 bytes data]
> >> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
> >> * ALPN: server accepted http/1.1
> >
> > I read about ALPN, which seems incredibly complicated and confusing.
> > I wonder if curl could print some more debugging about why a
> > particular protocol was selected?
> >
> > Rich.
> >
> >> * Server certificate:
> >> * subject: CN=ftp.acc.umu.se
> >> * start date: Jul 11 21:18:48 2023 GMT
> >> * expire date: Oct 9 21:18:47 2023 GMT
> >> * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's "gemmei.ftp.acc.umu.se"
> >> * issuer: C=US; O=Let's Encrypt; CN=R3
> >> * SSL certificate verify ok.
> >> * using HTTP/1.1
> >> } [5 bytes data]
> >>> HEAD /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 HTTP/1.1
> >>> Host: gemmei.ftp.acc.umu.se
> >>> User-Agent: curl/8.1.2
> >>> Accept: */*
> >>>
> >> { [5 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> >> { [249 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> >> { [249 bytes data]
> >> * old SSL session ID is stale, removing
> >> { [5 bytes data]
> >> < HTTP/1.1 200 OK
> >> < Date: Fri, 28 Jul 2023 07:34:29 GMT
> >> < Server: Apache/2.4.55 (Unix)
> >> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
> >> < Content-Length: 378874880
> >> < Accept-Ranges: bytes
> >> < Age: 357
> >> <
> >> 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
> >> * Connection #0 to host gemmei.ftp.acc.umu.se left intact
> >> HTTP/1.1 200 OK
> >> Date: Fri, 28 Jul 2023 07:34:29 GMT
> >> Server: Apache/2.4.55 (Unix)
> >> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
> >> Content-Length: 378874880
> >> Accept-Ranges: bytes
> >> Age: 357
> >>
> >>
> >> Rich.
> >>
> >> --
> >> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> >> Read my programming and virtualization blog: http://rwmj.wordpress.com
> >> libguestfs lets you edit virtual machines. Supports shell scripting,
> >> bindings from many languages. http://libguestfs.org
> >
> >> % Total % Received % Xferd Average Speed Time Time Time Current
> >> Dload Upload Total Spent Left Speed
> >> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying [2001:6b0:19::137]:443...
> >> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
> >> * ALPN: offers h2,http/1.1
> >> } [5 bytes data]
> >> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> >> } [512 bytes data]
> >> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> >> * CApath: none
> >> { [5 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> >> { [122 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
> >> { [21 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, Certificate (11):
> >> { [4564 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
> >> { [264 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, Finished (20):
> >> { [36 bytes data]
> >> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
> >> } [1 bytes data]
> >> * TLSv1.3 (OUT), TLS handshake, Finished (20):
> >> } [36 bytes data]
> >> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
> >> * ALPN: server accepted http/1.1
> >> * Server certificate:
> >> * subject: CN=ftp.acc.umu.se
> >> * start date: Jul 11 21:18:48 2023 GMT
> >> * expire date: Oct 9 21:18:47 2023 GMT
> >> * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's "gemmei.ftp.acc.umu.se"
> >> * issuer: C=US; O=Let's Encrypt; CN=R3
> >> * SSL certificate verify ok.
> >> * using HTTP/1.1
> >> } [5 bytes data]
> >>> HEAD /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 HTTP/1.1
> >>> Host: gemmei.ftp.acc.umu.se
> >>> User-Agent: curl/8.1.2
> >>> Accept: */*
> >>>
> >> { [5 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> >> { [249 bytes data]
> >> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> >> { [249 bytes data]
> >> * old SSL session ID is stale, removing
> >> { [5 bytes data]
> >> < HTTP/1.1 200 OK
> >> < Date: Fri, 28 Jul 2023 07:34:29 GMT
> >> < Server: Apache/2.4.55 (Unix)
> >> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
> >> < Content-Length: 378874880
> >> < Accept-Ranges: bytes
> >> < Age: 357
> >> <
> >> 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
> >> * Connection #0 to host gemmei.ftp.acc.umu.se left intact
> >> HTTP/1.1 200 OK
> >> Date: Fri, 28 Jul 2023 07:34:29 GMT
> >> Server: Apache/2.4.55 (Unix)
> >> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
> >> Content-Length: 378874880
> >> Accept-Ranges: bytes
> >> Age: 357
> >>
> >
> >> --
> >> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
> >> Etiquette: https://curl.se/mail/etiquette.html
> >
> >
> > --
> > Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> > Read my programming and virtualization blog: http://rwmj.wordpress.com
> > virt-builder quickly builds VMs from scratch
> > http://libguestfs.org/virt-builder.1.html
> >
> > --
> > Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
> > Etiquette: https://curl.se/mail/etiquette.html
> 

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2023-07-28