Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

--http3-only is using HTTP/1.1 #10538

Closed
Karthikdasari0423 opened this issue Feb 16, 2023 · 6 comments
Closed

--http3-only is using HTTP/1.1 #10538

Karthikdasari0423 opened this issue Feb 16, 2023 · 6 comments
Assignees
Labels
HTTP/3 h3 or quic related

Comments

@Karthikdasari0423
Copy link
Contributor

Karthikdasari0423 commented Feb 16, 2023

Hi @bagder

I am using curl with --http3-only option to download file from nginx server.
From below curl man page and help page i came to know that using --http3 will allow to fall back ,--http3-only will not allow to fallback but seems to be with --http3-only also curl is falling back and using http1.1

man curl:-

--http3-only
sion on its own. Use --http3 for similar functionality with a fallback.
Instructs curl to use HTTP/3 to the host in the URL, with no fallback to earlier HTTP versions.
This option will make curl fail if a QUIC connection cannot be established, it will not attempt any other HTTP version on its own

   --http3
          Use --http3-only for similar functionality without a fallback.

Tells curl to try HTTP/3 to the host in the URL, but fallback to earlier HTTP versions if the HTTP/3 connection establishment fails

curl --help all :-

--http3 Use HTTP v3
--http3-only Use HTTP v3 only

root@ubuntu:~# curl -# -v -k --http3-only -o index.html https://127.0.0.1:443/

  • Trying 127.0.0.1:443...
  • Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
  • ALPN: offers http/1.1
    } [5 bytes data]
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
    } [512 bytes data]
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
    { [88 bytes data]
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    } [1 bytes data]
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
    } [512 bytes data]
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
    { [155 bytes data]
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    { [21 bytes data]
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
    { [768 bytes data]
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
    { [264 bytes data]
  • TLSv1.3 (IN), TLS handshake, Finished (20):
    { [52 bytes data]
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
    } [52 bytes data]
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN: server accepted http/1.1
  • Server certificate:
  • subject: CN=ubuntu
  • start date: Feb 10 15:24:51 2023 GMT
  • expire date: Feb 7 15:24:51 2033 GMT
  • issuer: CN=ubuntu
  • SSL certificate verify result: self-signed certificate (18), continuing anyway.
  • using HTTP/1.1
    } [5 bytes data]

GET / HTTP/1.1
Host: 127.0.0.1
User-Agent: curl/7.88.1-DEV
Accept: /

{ [5 bytes data]

  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    { [230 bytes data]
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    { [230 bytes data]
  • old SSL session ID is stale, removing
    { [5 bytes data]
    < HTTP/1.1 200 OK
    < Server: nginx/1.23.4
    < Date: Thu, 16 Feb 2023 18:50:06 GMT
    < Content-Type: text/html
    < Content-Length: 10701
    < Last-Modified: Fri, 10 Feb 2023 15:24:53 GMT
    < Connection: keep-alive
    < ETag: "63e661c5-29cd"
    < Alt-Svc: h3=":443"; ma=86400
    < Accept-Ranges: bytes
    <
    { [10701 bytes data]
    ################################################################################################################################ 100.0%* Connection #0 to host 127.0.0.1 left intact

Excpeted is to not fall back to http1.1 and expected result should look something like this below

root@ubuntu:~# curl -# -v -k --http3 -o index.html https://127.0.0.1:443/

  • Trying 127.0.0.1:443...
  • Skipped certificate verification
  • Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
  • using HTTP/3
  • h2h3 [:method: GET]
  • h2h3 [:path: /]
  • h2h3 [:scheme: https]
  • h2h3 [:authority: 127.0.0.1]
  • h2h3 [user-agent: curl/7.88.1-DEV]
  • h2h3 [accept: /]
  • Using HTTP/3 Stream ID: 0 (easy handle 0x556d310dff30)

GET / HTTP/3
Host: 127.0.0.1
user-agent: curl/7.88.1-DEV
accept: /

< HTTP/3 200
< server: nginx/1.23.4
< date: Thu, 16 Feb 2023 19:01:14 GMT
< content-type: text/html
< content-length: 10701
< last-modified: Fri, 10 Feb 2023 15:24:53 GMT
< etag: "63e661c5-29cd"
< alt-svc: h3=":443"; ma=86400
< accept-ranges: bytes
<
{ [3483 bytes data]
################################################################################################################################ 100.0%* Connection #0 to host 127.0.0.1 left intact

root@ubuntu:~# curl -V
curl 7.88.1-DEV (x86_64-pc-linux-gnu) libcurl/7.88.1-DEV OpenSSL/3.0.0 zlib/1.2.11 brotli/1.0.9 ngtcp2/0.14.0-DEV nghttp3/0.9.0-DEV
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP3 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets

PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"

root@ubuntu:# nginx -V
nginx version: nginx/1.23.4 (nginx-quic)
built by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1
22.04)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --build=nginx-quic --with-debug --with-http_v3_module --with-stream_quic_module --with-cc-opt=-I/src/boringssl/include --with-ld-opt='-L/src/boringssl/build/ssl -L/src/boringssl/build/crypto'

Am i missing anything

Thanks,
Kartheek.

@vszakats vszakats added the HTTP/3 h3 or quic related label Feb 16, 2023
@icing
Copy link
Contributor

icing commented Feb 17, 2023

Your expectations are correct. Now to find out why it behaves for you this way...

@icing
Copy link
Contributor

icing commented Feb 17, 2023

Do I see this correctly, that you have a curl build without HTTP/2 support?

@Karthikdasari0423
Copy link
Contributor Author

Karthikdasari0423 commented Feb 17, 2023

Do I see this correctly, that you have a curl build without HTTP/2 support?

i think yes cause i build this curl by using below link and i didnt used nghttp2
https://github.com/curl/curl/blob/master/docs/HTTP3.md#ngtcp2-version

@Karthikdasari0423
Copy link
Contributor Author

Karthikdasari0423 commented Feb 17, 2023

it seems to working when i configured curl with nghttp2 but ideally it should work without nghttp2 also right

root@ubuntu:# curl -V
curl 7.88.1-DEV (x86_64-pc-linux-gnu) libcurl/7.88.1-DEV OpenSSL/3.0.0 zlib/1.2.11 brotli/1.0.9 nghttp2/1.53.0-DEV ngtcp2/0.14.0-DEV nghttp3/0.9.0-DEV
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets
root@ubuntu:
#
root@ubuntu:#
root@ubuntu:
# curl -vvv -k --http3-only -o index.html -# https://127.0.0.1:8443/

  • Trying 127.0.0.1:8443...
  • Skipped certificate verification
  • Connected to 127.0.0.1 (127.0.0.1) port 8443 (#0)
  • using HTTP/3
  • h2h3 [:method: GET]
  • h2h3 [:path: /]
  • h2h3 [:scheme: https]
  • h2h3 [:authority: 127.0.0.1:8443]
  • h2h3 [user-agent: curl/7.88.1-DEV]
  • h2h3 [accept: /]
  • Using HTTP/3 Stream ID: 0 (easy handle 0x5578d38eaf50)

GET / HTTP/3
Host: 127.0.0.1:8443
user-agent: curl/7.88.1-DEV
accept: /

< HTTP/3 200
< server: nginx/1.23.4
< date: Fri, 17 Feb 2023 09:12:10 GMT
< content-type: text/html
< content-length: 10701
< last-modified: Fri, 10 Feb 2023 15:24:53 GMT
< etag: "63e661c5-29cd"
< alt-svc: h3=":8443"; ma=86400
< accept-ranges: bytes
<
{ [8315 bytes data]
################################################################################################################################ 100.0%* Connection #0 to host 127.0.0.1 left intact

root@ubuntu:~# curl -vvv -k --http3 -o index.html -# https://127.0.0.1:8443/

  • Trying 127.0.0.1:8443...
  • Skipped certificate verification
  • Connected to 127.0.0.1 (127.0.0.1) port 8443 (#0)
  • using HTTP/3
  • h2h3 [:method: GET]
  • h2h3 [:path: /]
  • h2h3 [:scheme: https]
  • h2h3 [:authority: 127.0.0.1:8443]
  • h2h3 [user-agent: curl/7.88.1-DEV]
  • h2h3 [accept: /]
  • Using HTTP/3 Stream ID: 0 (easy handle 0x55d3ffa15f50)

GET / HTTP/3
Host: 127.0.0.1:8443
user-agent: curl/7.88.1-DEV
accept: /

< HTTP/3 200
< server: nginx/1.23.4
< date: Fri, 17 Feb 2023 09:12:22 GMT
< content-type: text/html
< content-length: 10701
< last-modified: Fri, 10 Feb 2023 15:24:53 GMT
< etag: "63e661c5-29cd"
< alt-svc: h3=":8443"; ma=86400
< accept-ranges: bytes
<
{ [8315 bytes data]
################################################################################################################################ 100.0%* Connection #0 to host 127.0.0.1 left intact

Please feel free to close the issue if you think this is implemeted to work only when configured with nghttp2

sorry @bagder @icing

icing added a commit to icing/curl that referenced this issue Feb 17, 2023
Refs curl#10538, where using --http3-only in a non http2 build has not effect.
@icing
Copy link
Contributor

icing commented Feb 17, 2023

I fixed this in #10544, please have a look.

@Karthikdasari0423
Copy link
Contributor Author

Thank you @bagder and @icing for fixing this

@bagder bagder closed this as completed in 72bb489 Feb 17, 2023
bch pushed a commit to bch/curl that referenced this issue Jul 19, 2023
Reported-by: Karthikdasari0423 on github
Fixes curl#10538
Closes curl#10544
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
HTTP/3 h3 or quic related
Development

No branches or pull requests

3 participants