On Tue, Apr 19, 2016 at 11:26 AM, William A Rowe Jr <wr...@rowe-clan.net>
wrote:
> On Tue, Apr 19, 2016 at 11:04 AM, Jacob Champion <champio...@gmail.com>
> wrote:
>
>> On 04/19/2016 08:47 AM, William A Rowe Jr wrote:
>> > I agree with your analysis, "h2" is not an upgrade candidate.
>> >
>> > "h2c" is an upgrade candidate.
>>
>> Is an h2c upgrade allowed over an HTTP/1.1+TLS connection? 7540 seems to
>> hint that it's not ("The 'h2c' string is reserved from the ALPN
>> identifier space but describes a protocol that does not use TLS"), but I
>> can't find any "MUST NOT" language.
>>
>
> Not according to the HTTP/2 wg, they declared that SNI ALPN "h2"
> connections were the only way to establish TLS h2 connections, and
> that h2c is plaintext, by their definition.
>
(There is a suggestion that HTTP/2 wg proscribed the *client* behavior,
and that server implementors are free to offer h2c over https upgrade,
or h2 over http upgrade, but if there is no client that would consume
that behavior... well...)
