retitle -1 curl does not support NPN extension
thanks

On 30/09/15 22:46, Alessandro Ghedini wrote:
> [...]
>
> Here is what's happening: curl tries to negotiate HTTP/2 during the TLS
> handshake using the ALPN extension, but the server doesn't support ALPN (e.g.
> OpenSSL in jessie doesn't support it) and instead supports the older NPN
> extension (which is deprecated, but still in use).
>
> The problem being that curl in sid uses GnuTLS which *only* supports ALPN and
> not NPN, so the client and the server can't negotiate HTTP/2 and fall back to
> HTTP/1.1.
>
> It's not really a curl bug, though if curl used OpenSSL (in sid) instead of
> GnuTLS this would work. TBH I'm not really inclined to switch back to OpenSSL
> for this problem alone (mostly because the intention is to, at some point,
> completely drop curl's non-GnuTLS backends from Debian and because NPN is
> deprecated), but I can't exclude it completely either.
>
> nghttp2 could implement support for ALPN on its own if it detects that the used
> OpenSSL version doesn't support it, but it's probably overkill...
>
> Cheers

Thank you for this analysis. TBH, I'm not very interested in using
curl that way, I simply noticed that it doesn't work. It's simply an
unfortunate mix of TLS extensions that causes problems.

I think that it is not worth taking care of unless more people
complain.

Cheers,
Tomasz
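
The mismatch analysed in the quoted message, as an added example that is not part of the original thread: it parses a ClientHello for the ALPN (16) and NPN (13172) extensions and shows which protocol an NPN-only server ends up with. The ClientHello bytes are constructed sample input, all function names are hypothetical, and the NPN branch assumes the client picks the server's first advertised protocol.

```python
import struct

ALPN, NPN = 16, 13172  # TLS extension types (ALPN: RFC 7301; NPN: draft value)

def ext(etype, body=b""):
    return struct.pack("!HH", etype, len(body)) + body

def alpn_body(protocols):
    names = b"".join(bytes([len(p)]) + p for p in protocols)
    return struct.pack("!H", len(names)) + names

def client_hello(extensions):
    """Constructed minimal TLS 1.2 ClientHello handshake message (sample input)."""
    exts = b"".join(extensions)
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
            + b"\x00\x02\xc0\x2f" + b"\x01\x00"    # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def offered_extensions(hello):
    """Parse a ClientHello and return {extension_type: extension_body}."""
    if len(hello) < 4 or hello[0] != 1:
        raise ValueError("not a ClientHello")
    msg = hello[4:4 + int.from_bytes(hello[1:4], "big")]
    try:
        pos = 2 + 32                                        # skip version and random
        pos += 1 + msg[pos]                                 # session id
        pos += 2 + int.from_bytes(msg[pos:pos + 2], "big")  # cipher suites
        pos += 1 + msg[pos]                                 # compression methods
    except IndexError:
        raise ValueError("truncated ClientHello")
    found, pos = {}, pos + 2                                # skip extensions length
    while pos + 4 <= len(msg):
        etype, elen = struct.unpack("!HH", msg[pos:pos + 4])
        found[etype] = msg[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return found

def negotiate(hello, server_mechanisms, server_protocols=(b"h2", b"http/1.1")):
    """Protocol chosen when the server supports only `server_mechanisms`."""
    exts = offered_extensions(hello)
    if ALPN in exts and "alpn" in server_mechanisms:
        body, offered, i = exts[ALPN], [], 2
        while i < len(body):                     # length-prefixed protocol names
            offered.append(body[i + 1:i + 1 + body[i]])
            i += 1 + body[i]
        return next((p for p in server_protocols if p in offered), b"http/1.1")
    if NPN in exts and "npn" in server_mechanisms:
        return server_protocols[0]               # assumption: client takes server's first
    return b"http/1.1"                           # no shared mechanism: fall back

alpn_only_hello = client_hello([ext(ALPN, alpn_body([b"h2", b"http/1.1"]))])
alpn_npn_hello = client_hello([ext(ALPN, alpn_body([b"h2", b"http/1.1"])), ext(NPN)])
```
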
