Detect HTTP2 on the server

[gmetais]

When a website is served with HTTP2, some of the rules (mainly about reducing the number of requests) are not relevant.

The problem is about detecting HTTP2. Does anyone know how to achieve this? Help appreciated!

[stefanjudis]

Hmm, not sure this is possible.

This is how the chrome extensions are doing it.

https://github.com/rauchg/chrome-spdy-indicator/pull/17/files#diff-3bc2bac40502552eb11fde9ff7bd7b43L11

Probably this information is not available in phantomjs?

[DareBoost]

You might be able to do this easily for non-SSL connection :
http://chimera.labs.oreilly.com/books/1230000000545/ch12.html#HTTP2_UPGRADE

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: HTTP/2.0

[gmetais]

I'll have to check if the res.spdy attribute is available in PhantomJS 2.0. But if it is, it would probably be compatible with an old version of SPDY and not the latest HTTP2 :/

Found this C++ open-source project: https://github.com/zoompf/SPDYCheck
Not sure I'll find how to compile this and launch a test.

[gmetais]

You might be able to do this easily for non-SSL connection :
http://chimera.labs.oreilly.com/books/1230000000545/ch12.html#HTTP2_UPGRADE

Thank you, it looks like a good solution.
For the moment I can't make it work with CURL:

curl -X GET -iv -H "Connection: Upgrade, HTTP2-Settings" -H "Upgrade: h2c" -H "HTTP2-Settings: AAMAAABkAAQAAP__" http://www.google.com/

* Connected to www.google.com (2a00:1450:400b:c02::67) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.37.1
> Host: www.google.com
> Accept: */*
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
> HTTP2-Settings: AAMAAABkAAQAAP__
> 
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Cache-Control: private
Cache-Control: private
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Location: http://www.google.fr/?gfe_rd=cr&ei=8cgjVbqVIseB7QasvYCYAw
Location: http://www.google.fr/?gfe_rd=cr&ei=8cgjVbqVIseB7QasvYCYAw
< Content-Length: 258
Content-Length: 258
< Date: Tue, 07 Apr 2015 12:09:21 GMT
Date: Tue, 07 Apr 2015 12:09:21 GMT
* Server GFE/2.0 is not blacklisted
< Server: GFE/2.0
Server: GFE/2.0
< Alternate-Protocol: 80:quic,p=0.5
Alternate-Protocol: 80:quic,p=0.5

[gmetais]

Here is another approach (thank you VR):

openssl s_client -connect somedomain.com:443 -nextprotoneg

A server supporting HTTP2 must announce it at the ssl level, with then "npn" and "alpn" extensions. Needs an up to date libssl (not working on OSX).

I didn't manage to make it work for the moment.

[vr]

u're welcome, here is example code
$ openssl s_client -connect twitter.com:443 -nextprotoneg "" 2> /dev/null|head -2|tail -1
Protocols advertised by server: h2, spdy/3.1, http/1.1

[gmetais]

Oh that looks excellent! Thanks a lot!

[stefanjudis]

@vr

Hey - the command is not working on my local machine.

> openssl s_client -connect twitter.com:443 -nextprotoneg ""                              [16:13:19]
unknown option -nextprotoneg
usage: s_client args

 -host host     - use -connect instead
 -port port     - use -connect instead
 -connect host:port - who to connect to (default is localhost:4433)
 -verify depth - turn on peer certificate verification
 -cert arg     - certificate file to use, PEM format assumed
 -certform arg - certificate format (PEM or DER) PEM default
 -key arg      - Private key file to use, in cert file if
                 not specified but cert file is.
 -keyform arg  - key format (PEM or DER) PEM default
 -pass arg     - private key file pass phrase source
 -CApath arg   - PEM format directory of CA's
 -CAfile arg   - PEM format file of CA's
 -reconnect    - Drop and re-make the connection with the same Session-ID
 -pause        - sleep(1) after each read(2) and write(2) system call
 -showcerts    - show all certificates in the chain
 -debug        - extra output
 -msg          - Show protocol messages
 -nbio_test    - more ssl protocol testing
 -state        - print the 'ssl' states
 -nbio         - Run with non-blocking IO
 -crlf         - convert LF from terminal into CRLF
 -quiet        - no s_client output
 -ign_eof      - ignore input eof (default when -quiet)
 -no_ign_eof   - don't ignore input eof
 -ssl2         - just use SSLv2
 -ssl3         - just use SSLv3
 -tls1         - just use TLSv1
 -dtls1        - just use DTLSv1
 -fallback_scsv - send TLS_FALLBACK_SCSV
 -mtu          - set the link layer MTU
 -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
 -bugs         - Switch on all SSL implementation bug workarounds
 -serverpref   - Use server's cipher preferences (only SSLv2)
 -cipher       - preferred cipher to use, use the 'openssl ciphers'
                 command to see what is available
 -starttls prot - use the STARTTLS command before starting TLS
                 for those protocols that support it, where
                 'prot' defines which one to assume.  Currently,
                 only "smtp", "pop3", "imap", "ftp" and "xmpp"
                 are supported.
 -engine id    - Initialise and use the specified engine
 -rand file:file:...
 -sess_out arg - file to write SSL session to
 -sess_in arg  - file to read SSL session from
 -servername host  - Set TLS extension servername in ClientHello
 -tlsextdebug      - hex dump of all TLS extensions received
 -status           - request certificate status from server
 -no_ticket        - disable use of RFC4507bis session tickets
 -legacy_renegotiation - enable use of legacy renegotiation (dangerous)
FAIL: 1

> openssl version                                                                         [16:14:53]
OpenSSL 0.9.8zg 14 July 2015

What am I missing here? 😊 Openssl is installed in the latest version as far as I see.
Sorry I'm a total noob in this area. ;)

[vr]

@stefanjudis you miss a recent version of openssl :-)

[stefanjudis]

aah - I'm stupid... Have some path troubles here.... Thanks for quick response. :)

[gmetais]

Very easy now, thanx to you @stefanjudis : https://github.com/stefanjudis/is-http2

[gmetais]

Done via #135.