Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
MIME-Version: 1.0
In-Reply-To: <85F6B23C-D866-4F91-ADAD-507C509192FC@greenbytes.de>
References: 
 <CACsi250=dbRQKnsbE8JSdAZRm5x99gE0sgX3iQ-PHAx77euD1A@mail.gmail.com>
	<CAGu=u8jn-qYVX2V-EAvcOjnPP3OcGcpThj7YesXxQRCHDUzgaA@mail.gmail.com>
	<CACsi251zevzsdTUQKmye9bPLRnoc6Tn__GRRavDPgrU-f5L7Ag@mail.gmail.com>
	<85F6B23C-D866-4F91-ADAD-507C509192FC@greenbytes.de>
Date: Mon, 7 Dec 2015 16:12:14 -0600
Message-ID: 
 <CACsi251EgSnYcXq9J8+wcY+n22GpCqvJ-zW83FdZR3GF+L3f+w@mail.gmail.com>
Subject: Re: 2.4 pause - mod_http2 patchset Upgrade h2c vs mod_ssl Upgrade tls
From: William A Rowe Jr <wrowe@rowe-clan.net>
To: httpd <dev@httpd.apache.org>
Content-Type: multipart/alternative; boundary=001a11c2eb5a43c2d5052656260b

--001a11c2eb5a43c2d5052656260b
Content-Type: text/plain; charset=UTF-8

On Mon, Dec 7, 2015 at 2:39 PM, Stefan Eissing <stefan.eissing@greenbytes.de
> wrote:

> There can be no 100 after a 101. After a 101, the downstream speaks the
> new protocol, immediately.
>

Right, and the new protocol is TLS/1.x HTTP/1.1 in the mod_ssl case.  What's
so confusing?


> Am 07.12.2015 um 21:29 schrieb William A Rowe Jr <wrowe@rowe-clan.net>:
>
> On Mon, Dec 7, 2015 at 2:15 PM, Jacob Champion <champion.p@gmail.com>
> wrote:
>
>> On Dec 7, 2015 8:43 AM, "William A Rowe Jr" <wrowe@rowe-clan.net> wrote:
>> >
>> > https://tools.ietf.org/html/rfc7230#section-6.7 makes things more
>> interesting, it calls out that 101-continue and the request body read
>> precedes the 101-switching protocols.  Not sure who decided that would be a
>> good idea, sigh...
>>
>> 100-continue can't be after the switch; the new protocol may not have any
>> idea what continue semantics are. Similarly, the request body sent is still
>> part of an HTTP/1.1 request and should be processed as such.
>>
>> > but mod_ssl TLS upgrade has these reversed for several good reasons
>> including the intent to encrypt the request body if present and simple
>> economics of processing.
>>
>> Did you mean "decrypt the request body"?
>>
> Yes, my bad...
>
>> The client needs to send its request body in plaintext since servers are
>> free to completely ignore the Upgrade, right? My reading of the specs is
>> that an Upgrade request is still a self-contained HTTP/1.1 request, body
>> included.
>>
> No.  If the upgrade is rejected, no 101-switching protocols occurs.  If
> there was no Expect: 100-continue then yes, the body seems part of the
> request headers with no way to anticipate how to proceed except plaintext,
> but in the case of an Expect: 100-continue, an an interim 101-switching
> protocols, a tls handshake, followed by a 100-continue seemed entirely
> reasonable.
>
> It appears we did the wrong thing in the absence of an Expect:
> 100-continue, but as a practical matter this seems fairly academic since
> RFC7230 codifies a specific sequence that we must adopt, and the instances
> of request bodies in upgrade requests seems philosophical.
>
>
>
>
>

--001a11c2eb5a43c2d5052656260b
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On M=
on, Dec 7, 2015 at 2:39 PM, Stefan Eissing <span dir=3D"ltr">&lt;<a href=3D=
"mailto:stefan.eissing@greenbytes.de" target=3D"_blank">stefan.eissing@gree=
nbytes.de</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=
=3D"auto"><div></div><div>There can be no 100 after a 101. After a 101, the=
 downstream speaks the new protocol, immediately.=C2=A0</div></div></blockq=
uote><div><br></div><div>Right, and the new protocol is TLS/1.x HTTP/1.1 in=
 the mod_ssl case.=C2=A0 What&#39;s</div><div>so confusing?</div><div><br><=
/div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0=
 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"auto"><div=
><div class=3D"h5"><div>Am 07.12.2015 um 21:29 schrieb William A Rowe Jr &l=
t;<a href=3D"mailto:wrowe@rowe-clan.net" target=3D"_blank">wrowe@rowe-clan.=
net</a>&gt;:<br><br></div><blockquote type=3D"cite"><div><div dir=3D"ltr"><=
div class=3D"gmail_extra"><div class=3D"gmail_quote">On Mon, Dec 7, 2015 at=
 2:15 PM, Jacob Champion <span dir=3D"ltr">&lt;<a href=3D"mailto:champion.p=
@gmail.com" target=3D"_blank">champion.p@gmail.com</a>&gt;</span> wrote:<br=
><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1=
px #ccc solid;padding-left:1ex"><span><p dir=3D"ltr">On Dec 7, 2015 8:43 AM=
, &quot;William A Rowe Jr&quot; &lt;<a href=3D"mailto:wrowe@rowe-clan.net" =
target=3D"_blank">wrowe@rowe-clan.net</a>&gt; wrote:<br>
&gt;<br>
&gt; <a href=3D"https://tools.ietf.org/html/rfc7230#section-6.7" target=3D"=
_blank">https://tools.ietf.org/html/rfc7230#section-6.7</a> makes things mo=
re interesting, it calls out that 101-continue and the request body read pr=
ecedes the 101-switching protocols.=C2=A0 Not sure who decided that would b=
e a good idea, sigh...</p>
</span><p dir=3D"ltr">100-continue can&#39;t be after the switch; the new p=
rotocol may not have any idea what continue semantics are. Similarly, the r=
equest body sent is still part of an HTTP/1.1 request and should be process=
ed as such.</p><span>
<p dir=3D"ltr">&gt; but mod_ssl TLS upgrade has these reversed for several =
good reasons including the intent to encrypt the request body if present an=
d simple economics of processing.</p>
</span><p dir=3D"ltr">Did you mean &quot;decrypt the request body&quot;? </=
p></blockquote><div>Yes, my bad...=C2=A0</div><blockquote class=3D"gmail_qu=
ote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex=
"><p dir=3D"ltr">The client needs to send its request body in plaintext sin=
ce servers are free to completely ignore the Upgrade, right? My reading of =
the specs is that an Upgrade request is still a self-contained HTTP/1.1 req=
uest, body included.</p></blockquote><div>No.=C2=A0 If the upgrade is rejec=
ted, no 101-switching protocols occurs.=C2=A0 If there was no Expect: 100-c=
ontinue then yes, the body seems part of the request headers with no way to=
 anticipate how to proceed except plaintext, but in the case of an Expect: =
100-continue, an an interim 101-switching protocols, a tls handshake, follo=
wed by a 100-continue seemed entirely reasonable.<br></div><div><br></div><=
div>It appears we did the wrong thing in the absence of an Expect: 100-cont=
inue, but as a practical matter this seems fairly academic since RFC7230 co=
difies a specific sequence that we must adopt, and the instances of request=
 bodies in upgrade requests seems philosophical.</div><div><br></div><div><=
br></div><div><br></div><div><br></div></div></div></div>
</div></blockquote></div></div></div></blockquote></div><br></div></div>

--001a11c2eb5a43c2d5052656260b--