bneradt commented on code in PR #11881:
URL: https://github.com/apache/trafficserver/pull/11881#discussion_r1880543473
##########
src/proxy/ProtocolProbeSessionAccept.cc:
##########
@@ -136,7 +136,12 @@ struct ProtocolProbeTrampoline : public Continuation,
public ProtocolProbeSessio
} // end of Proxy Protocol processing
if (proto_is_http2(reader)) {
- key = PROTO_HTTP2;
+ if (netvc->get_service<TLSBasicSupport>() == nullptr) {
+ key = PROTO_HTTP2;
+ } else {
+ Dbg(dbg_ctl_http, "HTTP/2 prior knowledge was used on a TLS connection
(protocol violation). Selecting HTTP/1 instead.");
+ key = PROTO_HTTP;
+ }
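Review bot: In the new else branch the protocol violation is recorded only through `Dbg(dbg_ctl_http, ...)`, so it leaves no trace unless that debug control is enabled. If operators should be able to notice clients sending the HTTP/2 preface over TLS, consider also incrementing a counter or emitting a rate-limited log line here. Setting `key = PROTO_HTTP` also hands a connection that began with the HTTP/2 preface to the HTTP/1 path, so a regression test that opens a TLS connection with the preface and asserts the resulting behaviour would pin down what this fallback is expected to do.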
Review Comment:
While we're at it, I suggest adding a comment referencing the RFC. Maybe
something like:
```cpp
// RFC 9113 Section 3.3: Prior knowledge is only permissible for HTTP/2 over plaintext (non-TLS) connections.
```
--
This is an automated message from the Apache Git Service.