Hello,
> But in this example, you're using HTTP/1.1. The "Connection" header is
> perfectly valid for 1.1. It's HTTP/2 which forbids it. There is no
> inconsistency here.

For me a request like this:

$ curl -kv --http2 https://localhost/111 -H "Connection: keep-alive" -d "bla=bla"

Fired multiple times from the shell, leads to a "400 Bad Request" response in
about 20 ~ 30 % of the cases and is forwarded to the backend in other cases.

I'm unable to reproduce a "400 Bad Request" when using GET requests in my quick
tests.

Here are 2 exact same requests with different haproxy behavior:

$ curl -kv --http2 https://localhost/111 -H "Connection: keep-alive" -d "bla=bla"
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=temp.lan.ltri.eu
* start date: May 4 16:35:00 2017 GMT
* expire date: Aug 2 16:35:00 2017 GMT
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5e63f0)
> POST /111 HTTP/2
> Host: localhost
> User-Agent: curl/7.56.1
> Accept: */*
> Connection: keep-alive
> Content-Length: 7
> Content-Type: application/x-www-form-urlencoded
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* We are completely uploaded and fine
< HTTP/2 200
< server: nginx
< date: Thu, 28 Dec 2017 11:25:15 GMT
< content-type: text/html; charset=utf-8
< x-powered-by: PHP/5.3.10-1ubuntu3.26
< set-cookie: HAPTESTa=1514460315
< set-cookie: HAPTESTb=1514460315
< set-cookie: HAPTESTc=1514460315
< set-cookie: HAPTESTd=1514460315
<
<!DOCTYPE html>
<html>
<head>
<title>a browser has no cookie</title>
<meta http-equiv="refresh" content="2; URL='?expectValue=1514460315'" />
</head>
<body>
<pre>
Please wait: GET parameter expectValue not found; resetting now ...
</pre>
<a href="?">Reset</a><br />
<a href="source.txt">source-code (PHP)</a><br />
<!--
var_dump($_COOKIE) output:
array(0) {
}
-->
</body>
</html>
* Connection #0 to host localhost left intact

$ curl -kv --http2 https://localhost/111 -H "Connection: keep-alive" -d "bla=bla"
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=temp.lan.ltri.eu
* start date: May 4 16:35:00 2017 GMT
* expire date: Aug 2 16:35:00 2017 GMT
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x12f63f0)
> POST /111 HTTP/2
> Host: localhost
> User-Agent: curl/7.56.1
> Accept: */*
> Connection: keep-alive
> Content-Length: 7
> Content-Type: application/x-www-form-urlencoded
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* We are completely uploaded and fine
< HTTP/2 400
< cache-control: no-cache
< content-type: text/html
<
<html><body><h1>400 Bad request</h1>
Your browser sent an invalid request.
</body></html>
* Connection #0 to host localhost left intact
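
Added example, not part of the original message or of haproxy: a small checker that reads `curl -v` transcripts like the two above, flags the connection-specific request headers that HTTP/2 disallows (RFC 7540 section 8.1.2.2, with `TE: trailers` as the only exception), and reports when one and the same request received different statuses. The function names and the abbreviated sample transcripts are constructed for illustration.

```python
import re

# Connection-specific fields that RFC 7540 section 8.1.2.2 disallows in HTTP/2.
FORBIDDEN = {"connection", "keep-alive", "proxy-connection",
             "transfer-encoding", "upgrade"}

def parse_curl_verbose(text):
    """Return (request_headers, status) from `curl -v` output.

    Lines starting with '> ' were sent, lines starting with '< ' were received.
    """
    headers, status = [], None
    for line in text.splitlines():
        if line.startswith("> "):
            name, sep, value = line[2:].partition(":")
            if sep and " " not in name:  # skips the request line
                headers.append((name.lower(), value.strip()))
        elif status is None:
            m = re.match(r"< HTTP/\S+ (\d{3})", line)
            if m:
                status = int(m.group(1))
    return headers, status

def h2_violations(headers):
    """Names of request headers that make an HTTP/2 message malformed."""
    return [n for n, v in headers
            if n in FORBIDDEN or (n == "te" and v.lower() != "trailers")]

def audit(transcripts):
    """Group transcripts by request headers: [(violations, statuses seen)]."""
    seen = {}
    for t in transcripts:
        headers, status = parse_curl_verbose(t)
        if status is not None:
            seen.setdefault(tuple(headers), set()).add(status)
    return [(h2_violations(h), sorted(s)) for h, s in seen.items()]

# Constructed sample: the two exchanges from the message, abbreviated.
REQUEST = ("> POST /111 HTTP/2\n> Host: localhost\n"
           "> Connection: keep-alive\n> Content-Length: 7\n>\n")
TRANSCRIPTS = [REQUEST + "< HTTP/2 200\n< server: nginx\n",
               REQUEST + "< HTTP/2 400\n< cache-control: no-cache\n"]

if __name__ == "__main__":
    for violations, statuses in audit(TRANSCRIPTS):
        print("forbidden in h2:", violations, "statuses:", statuses)
```

A group with a non-empty violation list and more than one status is the pattern reported in the message: a request that is malformed under HTTP/2 being rejected on some attempts and forwarded on others.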

