curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Curl (or server) offers HTTP/2 but falls back to HTTP/1.1

From: Stefan Eissing via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 28 Jul 2023 11:12:35 +0200

Hi Rich,

you see the ALPN handling in curl's log output. Specifically:

>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
>> * ALPN: offers h2,http/1.1

This means that curl offers the server to talk 'h2' (preferred) or 'http/1.1'. This is as it is supposed to be. Then:

>> * ALPN: server accepted http/1.1

which means the server selected 'http/1.1' from the list of protocols offered by curl. Which is a choice by the server alone.

If you wonder if your local curl can do HTTP/2 properly, just run

> curl -v https://curl.se -o /dev/null

and you should see the line:

  * ALPN: server accepted h2

Hope this helps,
Stefan

> Am 28.07.2023 um 10:15 schrieb Richard W.M. Jones via curl-library <curl-library_at_lists.haxx.se>:
>
> On Fri, Jul 28, 2023 at 08:47:45AM +0100, Richard W.M. Jones via curl-library wrote:
>> curl-8.1.2-1.fc39.x86_64
>
> This is how this version of curl was compiled, if that matters:
>
> https://kojipkgs.fedoraproject.org//packages/curl/8.1.2/1.fc39/data/logs/x86_64/build.log
>
> (search down a bit for the ./configure line)
>
> I have this version of libnghttp2:
>
> libnghttp2-1.55.0-1.fc39.x86_64
>
>> I'm trying to force HTTP/2 to a particular server in my program (to
>> test multiplexing). For some reason the server always falls back to
>> HTTP/1.1, even when I use CURL_HTTP_VERSION_2_0 or
>> CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE.
>>
>> Actually it happens at the command line too, see below.
>>
>> Why is this?
>>
>> $ curl -v -I --http2 https://gemmei.ftp.acc.umu.se/images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2
>> % Total % Received % Xferd Average Speed Time Time Time Current
>> Dload Upload Total Spent Left Speed
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying [2001:6b0:19::137]:443...
>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
>> * ALPN: offers h2,http/1.1
>> } [5 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> } [512 bytes data]
>> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> * CApath: none
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> { [122 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
>> { [21 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Certificate (11):
>> { [4564 bytes data]
>> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
>> { [264 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Finished (20):
>> { [36 bytes data]
>> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
>> } [1 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Finished (20):
>> } [36 bytes data]
>> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
>> * ALPN: server accepted http/1.1
>
> I read about ALPN, which seems incredibly complicated and confusing.
> I wonder if curl could print some more debugging about why a
> particular protocol was selected?
>
> Rich.
>
>> * Server certificate:
>> * subject: CN=ftp.acc.umu.se
>> * start date: Jul 11 21:18:48 2023 GMT
>> * expire date: Oct 9 21:18:47 2023 GMT
>> * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's "gemmei.ftp.acc.umu.se"
>> * issuer: C=US; O=Let's Encrypt; CN=R3
>> * SSL certificate verify ok.
>> * using HTTP/1.1
>> } [5 bytes data]
>>> HEAD /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 HTTP/1.1
>>> Host: gemmei.ftp.acc.umu.se
>>> User-Agent: curl/8.1.2
>>> Accept: */*
>>>
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * old SSL session ID is stale, removing
>> { [5 bytes data]
>> < HTTP/1.1 200 OK
>> < Date: Fri, 28 Jul 2023 07:34:29 GMT
>> < Server: Apache/2.4.55 (Unix)
>> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> < Content-Length: 378874880
>> < Accept-Ranges: bytes
>> < Age: 357
>> <
>> 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
>> * Connection #0 to host gemmei.ftp.acc.umu.se left intact
>> HTTP/1.1 200 OK
>> Date: Fri, 28 Jul 2023 07:34:29 GMT
>> Server: Apache/2.4.55 (Unix)
>> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> Content-Length: 378874880
>> Accept-Ranges: bytes
>> Age: 357
>>
>>
>> Rich.
>>
>> --
>> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
>> Read my programming and virtualization blog: http://rwmj.wordpress.com
>> libguestfs lets you edit virtual machines. Supports shell scripting,
>> bindings from many languages. http://libguestfs.org
>
>> % Total % Received % Xferd Average Speed Time Time Time Current
>> Dload Upload Total Spent Left Speed
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying [2001:6b0:19::137]:443...
>> * Connected to gemmei.ftp.acc.umu.se (2001:6b0:19::137) port 443 (#0)
>> * ALPN: offers h2,http/1.1
>> } [5 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> } [512 bytes data]
>> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> * CApath: none
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> { [122 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
>> { [21 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Certificate (11):
>> { [4564 bytes data]
>> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
>> { [264 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Finished (20):
>> { [36 bytes data]
>> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
>> } [1 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Finished (20):
>> } [36 bytes data]
>> * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
>> * ALPN: server accepted http/1.1
>> * Server certificate:
>> * subject: CN=ftp.acc.umu.se
>> * start date: Jul 11 21:18:48 2023 GMT
>> * expire date: Oct 9 21:18:47 2023 GMT
>> * subjectAltName: host "gemmei.ftp.acc.umu.se" matched cert's "gemmei.ftp.acc.umu.se"
>> * issuer: C=US; O=Let's Encrypt; CN=R3
>> * SSL certificate verify ok.
>> * using HTTP/1.1
>> } [5 bytes data]
>>> HEAD /images/cloud/bookworm/daily/latest/debian-12-backports-generic-amd64-daily.qcow2 HTTP/1.1
>>> Host: gemmei.ftp.acc.umu.se
>>> User-Agent: curl/8.1.2
>>> Accept: */*
>>>
>> { [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> { [249 bytes data]
>> * old SSL session ID is stale, removing
>> { [5 bytes data]
>> < HTTP/1.1 200 OK
>> < Date: Fri, 28 Jul 2023 07:34:29 GMT
>> < Server: Apache/2.4.55 (Unix)
>> < Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> < Content-Length: 378874880
>> < Accept-Ranges: bytes
>> < Age: 357
>> <
>> 0 361M 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
>> * Connection #0 to host gemmei.ftp.acc.umu.se left intact
>> HTTP/1.1 200 OK
>> Date: Fri, 28 Jul 2023 07:34:29 GMT
>> Server: Apache/2.4.55 (Unix)
>> Last-Modified: Thu, 27 Jul 2023 06:16:27 GMT
>> Content-Length: 378874880
>> Accept-Ranges: bytes
>> Age: 357
>>
>
>> --
>> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
>> Etiquette: https://curl.se/mail/etiquette.html
>
>
> --
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-builder quickly builds VMs from scratch
> http://libguestfs.org/virt-builder.1.html
>
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
> Etiquette: https://curl.se/mail/etiquette.html


-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2023-07-28