[
https://issues.apache.org/jira/browse/HTTPCLIENT-2344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17914390#comment-17914390
]
Oleg Kalnichevski commented on HTTPCLIENT-2344:
-----------------------------------------------
> the AWS ALB when receiving "Upgrade: TLS/1.2" with "Connection: Upgrade" on a
> HTTP listener actually ends up dropping "Connection: Upgrade" header when
> forwarding to the target group.
[~sbailliez] This is bizarre. `Upgrade` is defined as a hop-by-hop header by
the spec and `Connection: Upgrade` makes it even explicit. Why would a reverse
proxy be forwarding that header at all? This sounds really wrong.
Oleg
> HTTP/1.1 TLS Upgrade (RFC-2817) should not be default
> -----------------------------------------------------
>
> Key: HTTPCLIENT-2344
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2344
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 5.4
> Reporter: Ben Plotnick
> Priority: Minor
>
> Version 5.4 added RFC-2817 support, which by default tries to upgradeĀ since
> protocolUpgradeEnabled is default enabled.
> Although the strict reading of the spec would indicate that a server should
> ignore upgrade requests that it cannot service, conservative proxies might
> reject these requests entirely. This is the case in Envoy today
> I don't see a big advantage to enabling this by default and it is causing
> real issues now.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
