Accept http/2 only deny http/1.1 #1094

Closed
yanyan33333 opened this issue Dec 24, 2017 · 5 comments · Fixed by #1102

Comments

@yanyan33333
yanyan33333 commented Dec 24, 2017

Hello, I use nghttpx + squid in proxy mode, and it works fine. But I want nghttpx to accept http/2 connections and deny http/1.1.
I found that the doc for --npn-list says:

--npn-list=
Comma delimited list of ALPN protocol identifier sorted in the order of preference. That means most desirable protocol comes first. This is used in both ALPN and NPN. The parameter must be delimited by a single comma only and any white spaces are treated as a part of protocol string.

Default: h2,h2-16,h2-14,http/1.1

I wonder: if I use a setting like --npn-list=h2, will all the connections from http/1.1 be denied?
Can I disable ALPN or NPN?

@tatsuhiro-t
Member

If --npn-list=h2 is used, nghttpx only accepts h2 when TLS is enabled on the frontend.

@yanyan33333
Author

Thanks, but in my test with curl I found that when I visit an http URL without TLS, the GET method is used instead of the CONNECT method, which returns success:

curl -x "https://myproxy" -U "usename:pw" "http://edition.cnn.com/" -v

When I visit an https URL, it reports "Proxy CONNECT aborted", which means the http/1.1 CONNECT method has been denied:

curl -x "https://myproxy" -U "usename:pw" "https://google.com/" -v

Is that right?

@yanyan33333
Author

And I just tried an https proxy using the CONNECT method with http/1.1; it runs well and returns code 200.
The log shows:

"CONNECT ig-l-b-a.akamaihd.net:443 HTTP/1.1" 200

My settings are:

frontend=0.0.0.0,443;tls
backend=127.0.0.1,1234
private-key-file=/xxx.pem
certificate-file=/x.pem
http2-proxy=yes
workers=2
verify-client=no
npn-list=h2
add-x-forwarded-for=no
no-via=yes
no-ocsp=yes
no-host-rewrite=yes
tls-proto-list=TLSv1.2
ciphers=ECDHE+AES128

@tatsuhiro-t
Member

It looks like there is a path where --npn-list is ignored: when the client does not send any NPN/ALPN at all. Will fix it.

@tatsuhiro-t tatsuhiro-t added this to the v1.30.0 milestone Dec 31, 2017
@yanyan33333
Author

thanks~~
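
Added example, not part of the thread and not nghttpx code: a log check that compares the configured npn-list against the protocol recorded in each access-log request line, so requests served outside the list (such as the HTTP/1.1 CONNECT reported above) stand out. The log line layout and the `HTTP/2` protocol token are assumptions, and the sample lines are constructed around the request fragment quoted in the thread.

```python
import re

# Default from the documentation quoted in the issue.
DEFAULT_NPN_LIST = "h2,h2-16,h2-14,http/1.1"
# Assumption: the access log writes HTTP/2 requests as HTTP/2 or HTTP/2.0.
H2_TOKENS = {"HTTP/2", "HTTP/2.0"}
ALPN_TO_LOG = {"h2": H2_TOKENS, "h2-16": H2_TOKENS, "h2-14": H2_TOKENS,
               "http/1.1": {"HTTP/1.1"}}
# Matches the '"METHOD target HTTP/x" status' part of an access-log line.
REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) (HTTP/[\d.]+)" (\d{3})')

def parse_conf(text):
    """Parse key=value lines; values are kept verbatim (no trimming)."""
    conf = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value
    return conf

def allowed_log_protocols(conf_text):
    """Protocol tokens the configured npn-list permits on the frontend."""
    ids = parse_conf(conf_text).get("npn-list", DEFAULT_NPN_LIST).split(",")
    allowed = set()
    for alpn_id in ids:
        allowed |= ALPN_TO_LOG.get(alpn_id, set())
    return allowed

def find_violations(conf_text, log_lines):
    """Return (method, target, protocol, status) for requests served over
    a protocol that npn-list does not list."""
    allowed = allowed_log_protocols(conf_text)
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and m.group(3) not in allowed:
            hits.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return hits

# Constructed sample: config keys from the issue, log lines made up here.
SAMPLE_CONF = "frontend=0.0.0.0,443;tls\nhttp2-proxy=yes\nnpn-list=h2\n"
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Dec/2017:10:00:01 +0000] "GET http://example.com/ HTTP/2" 200 512',
    '192.0.2.11 - - [24/Dec/2017:10:00:05 +0000] "CONNECT ig-l-b-a.akamaihd.net:443 HTTP/1.1" 200 0',
    '192.0.2.10 - - [24/Dec/2017:10:00:09 +0000] "CONNECT example.org:443 HTTP/2" 200 0',
]

if __name__ == "__main__":
    for hit in find_violations(SAMPLE_CONF, SAMPLE_LOG):
        print("served outside npn-list:", hit)
```

The check only applies to logs from a TLS frontend, since the list is negotiated during the TLS handshake.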
