How to use TLS 1.3 with HTTP/2? Version: `isahc = { version = "1.7.2" }`
When I use this lib I can see it connecting with TLS 1.2. Here are the logs:
Host: global.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: clientsource,route
Origin: https://global.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://global.com/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-GB,en;q=0.9
[2024-10-07 21:14:32][DEBUG] Connected to 45.76.88.173 (45.76.88.173) port 2333
[2024-10-07 21:14:32][DEBUG] Host global.com:443 was resolved.
[2024-10-07 21:14:32][DEBUG] IPv6: (none)
[2024-10-07 21:14:32][DEBUG] IPv4: 172.64.150.207, 104.18.37.49
[2024-10-07 21:14:32][DEBUG] SOCKS5 connect to 172.64.150.207:443 (locally resolved)
[2024-10-07 21:14:32][DEBUG] SOCKS5 request granted.
[2024-10-07 21:14:32][DEBUG] Connected to 45.76.88.173 (45.76.88.173) port 2333
[2024-10-07 21:14:32][DEBUG] ALPN: curl offers h2,http/1.1
[2024-10-07 21:14:34][DEBUG] using HTTP/2
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] OPENED stream for https://global.com/user/login
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [:method: OPTIONS]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [:scheme: https]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [:authority: global.com]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [:path: /user/login]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [accept-encoding: deflate, gzip]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [pragma: no-cache]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [cache-control: no-cache]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [accept: */*]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [access-control-request-method: POST]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [access-control-request-headers: clientsource,route]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [origin: https://global.com]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [sec-fetch-mode: cors]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [sec-fetch-site: same-site]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [sec-fetch-dest: empty]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [referer: https://global.com/]
[2024-10-07 21:14:34][DEBUG] [HTTP/2] [1] [accept-language: en-GB,en;q=0.9]
[2024-10-07 21:14:34][DEBUG] Request completely sent off
Status: 200 OK
date: "Mon, 07 Oct 2024 18:14:35 GMT"
content-type: "application/json"
[2024-10-07 21:14:35][DEBUG] Connection #0 to host 45.76.88.173 left intact
content-length: "3"
x-amzn-trace-id: "Root=1-6704250b-6bd0b8a76b956d6a14425235"
x-amzn-requestid: "553de43e-8b0f-426a-800e-9f129cbdce7c"
x-amz-apigw-id: "fSq5yEqXrPEEJtQ="
x-amz-cf-pop: "MRS52-C1"
x-amz-cf-pop: "MRS52-P4"
via: "1.1 6539a76bb06cb86ff6a4a036edfec006.cloudfront.net (CloudFront), 1.1 b2e1326b370630a6e99a66735129eb18.cloudfront.net (CloudFront)"
x-cache: "Miss from cloudfront"
x-amz-cf-id: "m37OZ_lhBFdfJ8GbAThympss7JJKuDbETtHWpeWl-TTEuEar7e_R8Q=="
x-xss-protection: "1; mode=block"
x-frame-options: "DENY"
referrer-policy: "strict-origin-when-cross-origin"
content-security-policy: "upgrade-insecure-requests;"
x-content-type-options: "nosniff"
strict-transport-security: "max-age=31536000; includeSubDomains; preload"
cache-control: "no-cache,no-store,must-revalidate"
access-control-allow-credentials: "true"
access-control-allow-origin: "https://global.com"
access-control-allow-methods: "POST,OPTIONS,GET"
vary: "Access-Control-Request-Method"
vary: "Origin"
vary: "Access-Control-Request-Headers"
access-control-max-age: "600"
access-control-allow-headers: "clientsource,route"
cf-cache-status: "DYNAMIC"
set-cookie: "__cf_bm=OY2LjzwWbNHLfzm9uUyxEAzKv6fSxnAoZYaR4W5WUK0-1728324875-1.0.1.1-oLELLU0IER3jd4JEAziB.09CDAalXoqETAe02crCUDLHwGMPkgQL2kfju6KDe4YdUy4UosZceJJE57TTvZgG5Q; path=/; expires=Mon, 07-Oct-24 18:44:35 GMT; domain=.global.com; HttpOnly; Secure; SameSite=None"
set-cookie: "_cfuvid=8OLwrt5IwUTv9AJYv..BaeYsqQSUIoLsxri3cgLS26o-1728324875217-0.0.1.1-604800000; path=/; domain=.global.com; HttpOnly; Secure; SameSite=None"
server: "cloudflare"
cf-ray: "8cefdf245f2140e3-SIN"
But when I use pure `Command::new("curl")` I can see it using HTTP/2 and TLSv1.3:
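```rust
use std::process::Command;

// Spawn the system `curl` binary with verbose output enabled.
let mut curl_command = Command::new("curl");
curl_command
    .arg("--keepalive-time")
    .arg("120")
    .arg("--verbose");
```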
* IPv6: (none)
* IPv4: ip
* Trying 104.18.37.49:443...
* Connected to global.com() port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2871 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
} [5 bytes data]
* using HTTP/2
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* [HTTP/2] [1] OPENED stream for https://global.com/user/login
} [5 bytes data]
> Host: global.com
> authority: global.com
> Accept: application/json, text/plain, */*
> Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
> Cache-Control: no-cache
> Priority: u=1, i
> Accept-Encoding: gzip, deflate, br, zstd
> Content-Type: application/x-www-form-urlencoded
> User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.3
> sec-ch-ua: "Google Chrome";v="127", "Chromium";v="127", ";Not A Brand";v="24"
> sec-ch-ua-mobile: ?0
> sec-ch-ua-platform: Linux
> Content-Length: 1114
Here is my current code:
```rust
let proxy_url: Uri = proxy
    .parse()
    .context("Failed to parse proxy URL")?;
let isahc_client = IsahcHttpClient::builder()
    .version_negotiation(VersionNegotiation::http2())
    .tcp_keepalive(TokioDuration::from_secs(300))
    .timeout(TokioDuration::from_secs(60)) // Example of setting a request timeout
    .proxy(proxy_url)
    .build()?;
```
There's not currently a way to specify which TLS version to use, however this is something that I believe is already implemented in the version 2 branch (currently on hold).
It is also worth noting that Isahc uses libcurl, and not the curl command, so in a way, Isahc and the curl command are both equally consumers of libcurl.
It could very well be just differences in which libcurl version is being used. Isahc by default uses a bundled libcurl and not the one installed on your system. I would check to see which versions of libcurl are being used in both places. You can see the libcurl version used by Isahc by checking the return value of `version`.
You can also disable the `static-curl` default crate feature to get Isahc to link to your system-wide libcurl, which might behave more similarly to the curl command.
@sagebind thanks for the quick reply.
Isahc version: isahc/1.7.2 (features:default,encoding-rs,http2,mime,static-curl,text-decoding) libcurl/8.9.0-DEV SecureTransport zlib/1.2.12 nghttp2/1.61.0
But I will run my code in Docker, so it is more important that my Docker runs TLS 1.3 than my MacBook.
How can I disable `static-curl`?
I have tried this:
```toml
isahc = { version = "1.7.2", default-features = false, features = ["http2", "mime", "text-decoding"] }
```
Still the same.
Thanks, this WORKS:
```toml
isahc = { version = "1.7.2", default-features = false, features = ["http2", "mime", "text-decoding"] }
```
[2024-10-08 09:04:43][DEBUG] ALPN: curl offers h2,http/1.1
[2024-10-08 09:04:43][DEBUG] CAfile: /etc/ssl/cert.pem
[2024-10-08 09:04:43][DEBUG] CApath: none
[2024-10-08 09:04:43][DEBUG] (304) (OUT), TLS handshake, Client hello (1):
[2024-10-08 09:04:45][DEBUG] (304) (IN), TLS handshake, Server hello (2):
[2024-10-08 09:04:45][DEBUG] (304) (IN), TLS handshake, Unknown (8):
[2024-10-08 09:04:45][DEBUG] (304) (IN), TLS handshake, Certificate (11):
[2024-10-08 09:04:45][DEBUG] (304) (IN), TLS handshake, CERT verify (15):
[2024-10-08 09:04:45][DEBUG] (304) (IN), TLS handshake, Finished (20):
[2024-10-08 09:04:45][DEBUG] (304) (OUT), TLS handshake, Finished (20):
[2024-10-08 09:04:45][DEBUG] SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
[2024-10-08 09:04:45][DEBUG] ALPN: server accepted h2
[2024-10-08 09:04:45][DEBUG] Server certificate:
[2024-10-08 09:04:45][DEBUG] start date: Feb 24 00:00:00 2024 GMT
[2024-10-08 09:04:45][DEBUG] expire date: Feb 25 23:59:59 2025 GMT
[2024-10-08 09:04:45][DEBUG] subjectAltName: host "global.com" matched cert's "*.global.com"
[2024-10-08 09:04:45][DEBUG] issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GTrust TLS RSA CA G1
[2024-10-08 09:04:45][DEBUG] SSL certificate verify ok.
[2024-10-08 09:04:45][DEBUG] using HTTP/2
For Docker, do I need to add something?
The SSL connection should be this: `SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / RSASSA-PSS`
But I am getting this: `SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF`
- ALPN: curl offers h2,http/1.1
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
- TLSv1.3 (IN), TLS handshake, Certificate (11):
- TLSv1.3 (IN), TLS handshake, CERT verify (15):
- TLSv1.3 (IN), TLS handshake, Finished (20):
- TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
- TLSv1.3 (OUT), TLS handshake, Finished (20):
- SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / RSASSA-PSS
- ALPN: server accepted h2
@sagebind can you help me? I am a little bit confused.
SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
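The two checks discussed in this thread (which libcurl and TLS backend Isahc is linked against, and which TLS version a connection actually negotiated) can be scripted. This is an added example, not code from Isahc or from anyone in the thread; the function names are hypothetical, the sample strings are copied from the logs above, and it assumes the TLS backend is the token directly after `libcurl/<version>` in the banner, as in the sample.

```rust
// Added example, std only. Sample strings are copied from the logs in this thread.
const BANNER: &str = "isahc/1.7.2 (features:default,encoding-rs,http2,mime,static-curl,text-decoding) libcurl/8.9.0-DEV SecureTransport zlib/1.2.12 nghttp2/1.61.0";
const HANDSHAKE: &str = "[2024-10-08 09:04:45][DEBUG] SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF";

/// Returns (static-curl enabled, libcurl version, TLS backend token).
/// Assumption: the TLS backend is the token right after `libcurl/<version>`.
fn parse_banner(banner: &str) -> Option<(bool, String, String)> {
    // The crate feature list sits between "(features:" and ")".
    let start = banner.find("(features:")? + "(features:".len();
    let end = start + banner[start..].find(')')?;
    let static_curl = banner[start..end].split(',').any(|f| f.trim() == "static-curl");
    // The remainder is libcurl's own version string, split on whitespace.
    let mut tokens = banner[end + 1..].split_whitespace();
    let libcurl = tokens.find_map(|t| t.strip_prefix("libcurl/"))?.to_string();
    let backend = tokens.next()?.to_string();
    Some((static_curl, libcurl, backend))
}

/// Extracts (protocol, cipher) from a libcurl "SSL connection using" debug line.
fn negotiated(line: &str) -> Option<(String, String)> {
    let rest = line.split("SSL connection using ").nth(1)?;
    let mut parts = rest.split(" / ").map(str::trim);
    Some((parts.next()?.to_string(), parts.next()?.to_string()))
}

/// Scans a debug log. Ok(cipher) only if every handshake line reports TLSv1.3;
/// a log with no handshake line is an error, because it proves nothing.
fn require_tls13(log: &str) -> Result<String, String> {
    let mut cipher = None;
    for (proto, c) in log.lines().filter_map(negotiated) {
        if proto != "TLSv1.3" {
            return Err(format!("negotiated {}", proto));
        }
        cipher = Some(c);
    }
    cipher.ok_or_else(|| "no 'SSL connection using' line in log".to_string())
}

fn main() {
    println!("{:?}", parse_banner(BANNER));
    println!("{:?}", require_tls13(HANDSHAKE));
}
```

In a real program, pass the return value of `isahc::version()` and the captured debug log instead of the constants; running it inside the container image shows which libcurl and TLS backend that build links against.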