You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The IANA Upgrade Token Registry lists an entry for HTTP/*.*, and specifically identifies "2.0" as a possible version value, as instructed by RFC 9110 Section 18.10. However, this flow seems to have been superseded by "Upgrade: h2c", which was introduced in RFC 7540 and deprecated in RFC 9113. I am not aware of any implementations of "Upgrade: HTTP/2.0" in clients or servers.
I think we have two main options:
Status Quo: Regard "HTTP/*.*" as a mechanism that is formally defined but not implemented anywhere. Provide formal analysis of its security for completeness.
Deprecation: Update RFC 9110 in this draft to remove the definition of this upgrade token. Mark "HTTP" as "obsolete" in the Upgrade Tokens Registry.
The text was updated successfully, but these errors were encountered:
The IANA Upgrade Token Registry lists an entry for HTTP/*.*, and specifically identifies "2.0" as a possible version value, as instructed by RFC 9110 Section 18.10. However, this flow seems to have been superseded by "Upgrade: h2c", which was introduced in RFC 7540 and deprecated in RFC 9113. I am not aware of any implementations of "Upgrade: HTTP/2.0" in clients or servers.
I think we have two main options:
The text was updated successfully, but these errors were encountered: