From 4bcc532de5b639ace6f96f0a30524a08861843b1 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 13 Dec 2015 09:23:36 +0100
Subject: http: add libcurl option to allow HTTP/2 for HTTPS only

... and stick to 1.1 for HTTP. This is in line with what browsers do and
should have very little risk.
---
 lib/vtls/mbedtls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/vtls/mbedtls.c')

diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 0616e6836..2fbf9b8d2 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -374,7 +374,7 @@ mbedtls_connect_step1(struct connectdata *conn,
   }
 
 #ifdef HAS_ALPN
-  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+  if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
     if(data->set.ssl_enable_alpn) {
       static const char* protocols[] = {
         NGHTTP2_PROTO_VERSION_ID, ALPN_HTTP_1_1, NULL
@@ -475,7 +475,7 @@ mbedtls_connect_step2(struct connectdata *conn,
 
       if(strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID,
                   NGHTTP2_PROTO_VERSION_ID_LEN)) {
-        conn->negnpn = CURL_HTTP_VERSION_2_0;
+        conn->negnpn = CURL_HTTP_VERSION_2;
       }
       else if(strncmp(next_protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH)) {
         conn->negnpn = CURL_HTTP_VERSION_1_1;
-- 
cgit v1.2.3