Is TLS mandatory for HTTP/2? [duplicate]

According to the HTTP/2 spec (RFC 7540), implementations of HTTP/2 require TLS version 1.2 or higher.

"Implementations of HTTP/2 MUST use TLS version 1.2 [TLS12] or higher for HTTP/2 over TLS"

However, in the HTTP/2 FAQ documentation, HTTP/2 does not require encryption (e.g., TLS).

"No. After extensive discussion, the Working Group did not have consensus to require the use of encryption (e.g., TLS) for the new protocol."

I am a little bit confused. Can you explain it to me so that I can understand it better?

Boardman answered 6/4, 2020 at 0:14 Comment(3)
I read this as "if you're going to support HTTP/2 over TLS, you have to use TLS version 1.2 or higher". - Irritative
In other words, parse it as "(Implementations of HTTP/2 MUST use TLS version 1.2 [TLS12] or higher) for HTTP/2 over TLS"; the MUST only applies when actually using HTTP/2 over TLS. You seem to be parsing as "Implementations of HTTP/2 MUST (use TLS version 1.2 [TLS12] or higher for HTTP/2 over TLS)" which I don't think was intended. - Irritative
@NateEldredge Thanks for the kind answer. I fully understood. - Boardman
