7 comments

[ 2.7 ms ] story [ 27.8 ms ] thread
One thing is missing from that list: how to test for ALPN support (or the lack thereof). The OpenSSL client just lists the next protocols supported, but no mention if that's NPN or ALPN.

This is one of those details that I believe are the real roadblocks to HTTP/2.0 support. Google is trying to drive adoption by deprecating old features like NPN from Chrome, but people setting their servers up with HTTP/2.0 don't even know about these details or how it affects them.

Using curl is one way:

  % curl -v https://google.com/ --http2
  *   Trying 2607:f8b0:4007:802::1008...
  * Connected to google.com (2607:f8b0:4007:802::1008) port 443 (#0)
  * found 180 certificates in /etc/ssl/certs/ca-certificates.crt
  * found 722 certificates in /etc/ssl/certs
  * ALPN, offering h2
  * ALPN, offering http/1.1
  * SSL connection using TLS1.2 / ECDHE_ECDSA_AES_128_GCM_SHA256
  ...
  * ALPN, server accepted to use h2
The above is with the GnuTLS build on Debian, recent enough OpenSSL versions support both NPN and ALPN.
Next protocols supported are strictly NPN only. If you want to check ALPN support for a specific connection type you can use the following command:

  openssl s_client -alpn h2 -connect news.ycombinator.com:443
Near the end of the output you'll see the ALPN protocol or `No ALPN negotiated`. I haven't managed to get a list of server-supported protocols so far, not sure if that's even possible with ALPN.

This is with LibreSSL 2.3, but I expect OpenSSL 1.0.2 to support it too.

Chrome also shows more detailed HTTP/2 tracing in chrome://net-internals. Select HTTP/2 from the drop-down.
Daniel Stenberg (creator of curl) has a HTTP/2 explained website [1] which might help in understanding HTTP/2.

[1] http://daniel.haxx.se/http2/

Thanks. I added a section at the end with resources on learning more about HTTP/2