Giter VIP home page Giter VIP logo

Comments (5)

eduardsui avatar eduardsui commented on August 11, 2024

Hello!

The TLS layer seems fine. Maybe check your HTTP headers?

E.

from tlse.

vpltd-kgalaj avatar vpltd-kgalaj commented on August 11, 2024

The way curl does is is, it's using ALPN to negotiate HTTP_2 protocol during TLS phase, and then issues a GET request using HTTP/2 header - and then it does get an answer (see bottom of the reply for log).

But if I try to just use HTTP/2 in headers, I am getting:

HTTP/1.1 505 HTTP Version Not Supported
Server: cloudflare
Date: Mon, 06 Mar 2023 12:14:21 GMT
Content-Type: text/html
Content-Length: 185
Connection: close
CF-RAY: -

<html>
<head><title>505 HTTP Version Not Supported</title></head>
<body>
<center><h1>505 HTTP Version Not Supported</h1></center>
<hr><center>cloudflare</center>
</body>
</html>

I don't see any mention of ALPN in TLSe ... do you think it means I can't use it to connect to this particular server?

user@host ~ % curl -v -H "Accept-Encoding: gzip, deflate" -H "Accept: application/json" https://emm-api.com:443/region/ --output out.txt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 188.114.96.13:443...
* Connected to emm-api.com (188.114.96.13) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
} [316 bytes data]
* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [19 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [4211 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=*.emm-api.com
*  start date: Jan  9 23:37:19 2023 GMT
*  expire date: Apr  9 23:37:18 2023 GMT
*  subjectAltName: host "emm-api.com" matched cert's "emm-api.com"
*  issuer: C=US; O=Let's Encrypt; CN=E1
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: GET]
* h2h3 [:path: /region/]
* h2h3 [:scheme: https]
* h2h3 [:authority: emm-api.com]
* h2h3 [user-agent: curl/7.86.0]
* h2h3 [accept-encoding: gzip, deflate]
* h2h3 [accept: application/json]
* Using Stream ID: 1 (easy handle 0x7f9fb780f200)
> GET /region/ HTTP/2
> Host: emm-api.com
> user-agent: curl/7.86.0
> accept-encoding: gzip, deflate
> accept: application/json
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200 
< date: Mon, 06 Mar 2023 12:16:22 GMT
< content-type: application/json
< cache-control: private
< allow: GET, HEAD, OPTIONS
< x-frame-options: SAMEORIGIN
< vary: Cookie
< x-cache-status: MISS
< content-encoding: gzip
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IDQLdvmeoGZvMPVbwwlPY%2FOgOjIbK21O4FR0qkJwuhADz%2F4K9JzS3koncoIZkptFLrC%2FawgN7qgA4kJ5FgdDgwKdZlMWbAOWrEhpY47VQcRsDH4iR95ysR10jtJARQ%3D%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 7a3a878c8875bf80-WAW
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
< 
{ [126 bytes data]
100   126    0   126    0     0    758      0 --:--:-- --:--:-- --:--:--   782
* Connection #0 to host emm-api.com left intact

from tlse.

vpltd-kgalaj avatar vpltd-kgalaj commented on August 11, 2024

Actually, I see ALPN in TLSe code ... I was just looking for the wrong string. I'll see if I can make it work now.

from tlse.

eduardsui avatar eduardsui commented on August 11, 2024

See: tls_add_alpn(struct TLSContext *context, const char *alpn).

from tlse.

vpltd-kgalaj avatar vpltd-kgalaj commented on August 11, 2024

I got it to work.

It's first tls_add_alpn( context, protocol_name ) with "h2" and "http/1.1" (starting with the preferred one), and then, after it's connected, tsl_alpn( context ) to get out the name of the protocol that was successfully negotiated.

Thank you for your help!

from tlse.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.