Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-26774

(7.4.z) UNDERTOW-2347 - Undertow client must send either http/1.1 or both http/1.1 and h2 in SSL ClientHello handshake message

XMLWordPrintable

      When starting TLS over HTTP/1.1 the

      "application_layer_protocol_negotiation (16)": {
        [http/1.1]
      }
      

      ALPN extension must be present in SSL ClientHello handshake message.

      When starting TLS over HTTP/1.1 with upgrade request to HTTP2 the

      "application_layer_protocol_negotiation (16)": {
        [h2, http/1.1]
      }

      ALPN extension must be present in SSL ClientHello handshake message.

      In the past Undertow client was either sending no application_layer_protocol_negotiation ALPN extension when doing SSL over HTTP 1.1 or

      was sending just h2 value in application_layer_protocol_negotiation ALPN extension when doing SSL over HTTP 1.1 with HTTP2 upgrade request.

      This was causing SSL handshaking issues with servers / proxies that were configured to operate on HTTP 1.1 only because SSL protocol on client side

      was complaining when server responded with "application_layer_protocol_negotiation (16)": {
          [http/1.1]
        }

      on client handshake message that was containing just h2 value in application_layer_protocol_negotiation ALPN extension header.

              flaviarnn Flavia Rainone
              flaviarnn Flavia Rainone
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: