From 4bcc532de5b639ace6f96f0a30524a08861843b1 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 13 Dec 2015 09:23:36 +0100 Subject: http: add libcurl option to allow HTTP/2 for HTTPS only ... and stick to 1.1 for HTTP. This is in line with what browsers do and should have very little risk. --- lib/vtls/openssl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/vtls/openssl.c') diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index fdc27b04d..e5b0bb99b 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1582,12 +1582,12 @@ select_next_proto_cb(SSL *ssl, (void)ssl; #ifdef USE_NGHTTP2 - if(conn->data->set.httpversion == CURL_HTTP_VERSION_2_0 && + if(conn->data->set.httpversion >= CURL_HTTP_VERSION_2 && !select_next_protocol(out, outlen, in, inlen, NGHTTP2_PROTO_VERSION_ID, NGHTTP2_PROTO_VERSION_ID_LEN)) { infof(conn->data, "NPN, negotiated HTTP2 (%s)\n", NGHTTP2_PROTO_VERSION_ID); - conn->negnpn = CURL_HTTP_VERSION_2_0; + conn->negnpn = CURL_HTTP_VERSION_2; return SSL_TLSEXT_ERR_OK; } #endif @@ -1859,7 +1859,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) unsigned char protocols[128]; #ifdef USE_NGHTTP2 - if(data->set.httpversion == CURL_HTTP_VERSION_2_0) { + if(data->set.httpversion >= CURL_HTTP_VERSION_2) { protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN; memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID, @@ -2185,7 +2185,7 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex) #ifdef USE_NGHTTP2 if(len == NGHTTP2_PROTO_VERSION_ID_LEN && !memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len)) { - conn->negnpn = CURL_HTTP_VERSION_2_0; + conn->negnpn = CURL_HTTP_VERSION_2; } else #endif -- cgit v1.2.3