--http3-only is using HTTP/1.1

[Karthikdasari0423]

Hi @bagder

I am using curl with --http3-only option to download file from nginx server.
From below curl man page and help page i came to know that using --http3 will allow to fall back ,--http3-only will not allow to fallback but seems to be with --http3-only also curl is falling back and using http1.1

man curl:-

--http3-only
sion on its own. Use --http3 for similar functionality with a fallback.
Instructs curl to use HTTP/3 to the host in the URL, with no fallback to earlier HTTP versions.
This option will make curl fail if a QUIC connection cannot be established, it will not attempt any other HTTP version on its own

   --http3
          Use --http3-only for similar functionality without a fallback.

Tells curl to try HTTP/3 to the host in the URL, but fallback to earlier HTTP versions if the HTTP/3 connection establishment fails

curl --help all :-

--http3 Use HTTP v3
--http3-only Use HTTP v3 only

root@ubuntu:~# curl -# -v -k --http3-only -o index.html https://127.0.0.1:443/

• Trying 127.0.0.1:443...
• Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
• ALPN: offers http/1.1
  } [5 bytes data]
• TLSv1.3 (OUT), TLS handshake, Client hello (1):
  } [512 bytes data]
• TLSv1.3 (IN), TLS handshake, Server hello (2):
  { [88 bytes data]
• TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  } [1 bytes data]
• TLSv1.3 (OUT), TLS handshake, Client hello (1):
  } [512 bytes data]
• TLSv1.3 (IN), TLS handshake, Server hello (2):
  { [155 bytes data]
• TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  { [21 bytes data]
• TLSv1.3 (IN), TLS handshake, Certificate (11):
  { [768 bytes data]
• TLSv1.3 (IN), TLS handshake, CERT verify (15):
  { [264 bytes data]
• TLSv1.3 (IN), TLS handshake, Finished (20):
  { [52 bytes data]
• TLSv1.3 (OUT), TLS handshake, Finished (20):
  } [52 bytes data]
• SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
• ALPN: server accepted http/1.1
• Server certificate:
• subject: CN=ubuntu
• start date: Feb 10 15:24:51 2023 GMT
• expire date: Feb 7 15:24:51 2033 GMT
• issuer: CN=ubuntu
• SSL certificate verify result: self-signed certificate (18), continuing anyway.
• using HTTP/1.1
  } [5 bytes data]

GET / HTTP/1.1
Host: 127.0.0.1
User-Agent: curl/7.88.1-DEV
Accept: /

{ [5 bytes data]

• TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  { [230 bytes data]
• TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  { [230 bytes data]
• old SSL session ID is stale, removing
  { [5 bytes data]
  < HTTP/1.1 200 OK
  < Server: nginx/1.23.4
  < Date: Thu, 16 Feb 2023 18:50:06 GMT
  < Content-Type: text/html
  < Content-Length: 10701
  < Last-Modified: Fri, 10 Feb 2023 15:24:53 GMT
  < Connection: keep-alive
  < ETag: "63e661c5-29cd"
  < Alt-Svc: h3=":443"; ma=86400
  < Accept-Ranges: bytes
  <
  { [10701 bytes data]
  ################################################################################################################################ 100.0%* Connection #0 to host 127.0.0.1 left intact

Excpeted is to not fall back to http1.1 and expected result should look something like this below

root@ubuntu:~# curl -# -v -k --http3 -o index.html https://127.0.0.1:443/

• Trying 127.0.0.1:443...
• Skipped certificate verification
• Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
• using HTTP/3
• h2h3 [:method: GET]
• h2h3 [:path: /]
• h2h3 [:scheme: https]
• h2h3 [:authority: 127.0.0.1]
• h2h3 [user-agent: curl/7.88.1-DEV]
• h2h3 [accept: /]
• Using HTTP/3 Stream ID: 0 (easy handle 0x556d310dff30)

GET / HTTP/3
Host: 127.0.0.1
user-agent: curl/7.88.1-DEV
accept: /

< HTTP/3 200
< server: nginx/1.23.4
< date: Thu, 16 Feb 2023 19:01:14 GMT
< content-type: text/html
< content-length: 10701
< last-modified: Fri, 10 Feb 2023 15:24:53 GMT
< etag: "63e661c5-29cd"
< alt-svc: h3=":443"; ma=86400
< accept-ranges: bytes
<
{ [3483 bytes data]
################################################################################################################################ 100.0%* Connection #0 to host 127.0.0.1 left intact

root@ubuntu:~# curl -V
curl 7.88.1-DEV (x86_64-pc-linux-gnu) libcurl/7.88.1-DEV OpenSSL/3.0.0 zlib/1.2.11 brotli/1.0.9 ngtcp2/0.14.0-DEV nghttp3/0.9.0-DEV
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP3 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets

PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"

root@ubuntu:# nginx -V
nginx version: nginx/1.23.4 (nginx-quic)
built by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu122.04)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --build=nginx-quic --with-debug --with-http_v3_module --with-stream_quic_module --with-cc-opt=-I/src/boringssl/include --with-ld-opt='-L/src/boringssl/build/ssl -L/src/boringssl/build/crypto'

Am i missing anything

Thanks,
Kartheek.

[icing]

Your expectations are correct. Now to find out why it behaves for you this way...

[icing]

Do I see this correctly, that you have a curl build without HTTP/2 support?

[Karthikdasari0423]

Do I see this correctly, that you have a curl build without HTTP/2 support?

i think yes cause i build this curl by using below link and i didnt used nghttp2
https://github.com/curl/curl/blob/master/docs/HTTP3.md#ngtcp2-version

[Karthikdasari0423]

it seems to working when i configured curl with nghttp2 but ideally it should work without nghttp2 also right

root@ubuntu:# curl -V
curl 7.88.1-DEV (x86_64-pc-linux-gnu) libcurl/7.88.1-DEV OpenSSL/3.0.0 zlib/1.2.11 brotli/1.0.9 nghttp2/1.53.0-DEV ngtcp2/0.14.0-DEV nghttp3/0.9.0-DEV
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets
root@ubuntu:#
root@ubuntu:#
root@ubuntu:# curl -vvv -k --http3-only -o index.html -# https://127.0.0.1:8443/

• Trying 127.0.0.1:8443...
• Skipped certificate verification
• Connected to 127.0.0.1 (127.0.0.1) port 8443 (#0)
• using HTTP/3
• h2h3 [:method: GET]
• h2h3 [:path: /]
• h2h3 [:scheme: https]
• h2h3 [:authority: 127.0.0.1:8443]
• h2h3 [user-agent: curl/7.88.1-DEV]
• h2h3 [accept: /]
• Using HTTP/3 Stream ID: 0 (easy handle 0x5578d38eaf50)

GET / HTTP/3
Host: 127.0.0.1:8443
user-agent: curl/7.88.1-DEV
accept: /

< HTTP/3 200
< server: nginx/1.23.4
< date: Fri, 17 Feb 2023 09:12:10 GMT
< content-type: text/html
< content-length: 10701
< last-modified: Fri, 10 Feb 2023 15:24:53 GMT
< etag: "63e661c5-29cd"
< alt-svc: h3=":8443"; ma=86400
< accept-ranges: bytes
<
{ [8315 bytes data]
################################################################################################################################ 100.0%* Connection #0 to host 127.0.0.1 left intact

root@ubuntu:~# curl -vvv -k --http3 -o index.html -# https://127.0.0.1:8443/

• Trying 127.0.0.1:8443...
• Skipped certificate verification
• Connected to 127.0.0.1 (127.0.0.1) port 8443 (#0)
• using HTTP/3
• h2h3 [:method: GET]
• h2h3 [:path: /]
• h2h3 [:scheme: https]
• h2h3 [:authority: 127.0.0.1:8443]
• h2h3 [user-agent: curl/7.88.1-DEV]
• h2h3 [accept: /]
• Using HTTP/3 Stream ID: 0 (easy handle 0x55d3ffa15f50)

GET / HTTP/3
Host: 127.0.0.1:8443
user-agent: curl/7.88.1-DEV
accept: /

< HTTP/3 200
< server: nginx/1.23.4
< date: Fri, 17 Feb 2023 09:12:22 GMT
< content-type: text/html
< content-length: 10701
< last-modified: Fri, 10 Feb 2023 15:24:53 GMT
< etag: "63e661c5-29cd"
< alt-svc: h3=":8443"; ma=86400
< accept-ranges: bytes
<
{ [8315 bytes data]
################################################################################################################################ 100.0%* Connection #0 to host 127.0.0.1 left intact

Please feel free to close the issue if you think this is implemeted to work only when configured with nghttp2

sorry @bagder @icing

[icing]

I fixed this in #10544, please have a look.

[Karthikdasari0423]

Thank you @bagder and @icing for fixing this