Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2347

Undertow client must send either http/1.1 or both http/1.1 and h2 in SSL ClientHello handshake message

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 2.3.13.Final, 2.2.32.Final
    • None
    • Core
    • None

      When starting TLS over HTTP/1.1 the

      "application_layer_protocol_negotiation (16)": {
        [http/1.1]
      }
      

      ALPN extension must be present in SSL ClientHello handshake message.

      When starting TLS over HTTP/1.1 with upgrade request to HTTP2 the

      "application_layer_protocol_negotiation (16)": {
        [h2, http/1.1]
      }

      ALPN extension must be present in SSL ClientHello handshake message.

      In the past Undertow client was either sending no application_layer_protocol_negotiation ALPN extension when doing SSL over HTTP 1.1 or

      was sending just h2 value in application_layer_protocol_negotiation ALPN extension when doing SSL over HTTP 1.1 with HTTP2 upgrade request.

      This was causing SSL handshaking issues with servers / proxies that were configured to operate on HTTP 1.1 only because SSL protocol on client side

      was complaining when server responded with "application_layer_protocol_negotiation (16)": {
          [http/1.1]
        }

      on client handshake message that was containing just h2 value in application_layer_protocol_negotiation ALPN extension header.

            ropalka Richard Opalka
            ropalka Richard Opalka
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: