Support HTTP/2

Open yyy opened this issue 9 months ago • 2 comments

Currently, badssl.com only supports HTTP/1.1. Please enable HTTP/2 support.

yyy, Apr 02 '25 22:04

Could you say more about what this would enable you to test compared to the status quo?

(There are already plans to add a TLS 1.3 test case, see Issue #332, but that is currently blocked on upgrading nginx and thus also dropping support for some other test cases.)

christhompson, Apr 02 '25 23:04

I'm working on an HTTP/S client. We support HTTP/1.1 and HTTP/2 (some time in the future, we may add HTTP/3, but we aren't there yet). The code takes a different code path depending on the HTTP version.

I want to verify that our application can handle various invalid cases of invalid server certificates, and badssl.com has been great for that. But I can't validate the HTTP/2 flow because it's not currently supported.

You might be thinking: "But the TLS handshake is the same". But (sorry, this is a little convoluted) the way my app works with invalid certs is by falling back to an unsecure TLS connection, and then doing things while handling subsequent HTTP requests and responses (imagine adding a warning banner to the responses). Which, like I said, is implemented differently based on the HTTP version.

yyy, Apr 03 '25 00:04