Re: Is HTTP/1.0 still relevant?

Eric J Bowman <> Fri, 04 September 2020 07:12 UTC

To: "Willy Tarreau" <>
Cc: "Ietf Http Wg" <>

---- On Thu, 03 Sep 2020 22:40:51 -0700 Willy Tarreau <> wrote ----

> Hi,
>
> On Thu, Sep 03, 2020 at 10:13:13PM -0700, Eric J Bowman wrote:
>> Hi, I'm greenfield-coding a webserver, and wondering if I can just do away
>> with back-compat with HTTP/1.0. My concern is it's still alive and kicking on
>> intermediaries. Is there any empirical data on this? Opinions also
>> appreciated.
>
> It really depends what your target is. If you want to support browsers
> and nothing else, it's probably fine to simply fail on it. If you're
> expecting that applications built on top of your web server are compatible
> with various perf testing tools, monitoring scripts, availability tests,
> dirty in-house search engines, or just succeed in some compliance tests,
> it's probably better to still support it.


Hey Willy! Long time no chat. :) I try to code for all intermediaries and
clients, not just browsers, but at this point in time I'm also trying to
eliminate edge cases from my code, because I want to hold it all in my head.
I both appreciate and hate your answer! I didn't realize that the sorts of
testing scripts you mention are still looking for HTTP/1.0 compat. I'm
coding a development server, but I want it to handle significant real-world
traffic all the same. I don't care about meeting any test criteria but my
own, I suppose, when you get down to it. But I am an old dog trying to learn
new tricks!


> In addition I'd suggest that once you've implemented HTTP/1.1, you'll
> note that implementing HTTP/1.0 requires no effort as it's only a subset
> of HTTP/1.1, so you'll just have to add a few "if" around some code
> blocks. In short, Connection defaults to close instead of keep-alive...


Exactly! My code's a lot cleaner and even removes a comment, if I default
to HTTP/1.1 for the Connection header. I'm trying to avoid "just add[ing] a
few" lines of code. It's 2020. I want to hold my webserver code in my head.
I don't want to explain back-compat with HTTP/1.0 anymore, let alone pollute
my code with it, unless it's really still necessary, which I'm trying to



> neither chunked transfer-encoding nor 1xx responses are expected to be
> supported, and Host is optional. Thus not supporting 1.0 would make your
> 1.1 implementation look fairly suspicious about its ability to adapt to
> a client or server's 1.1 capabilities.


Every httpd I've ever coded or configured, has bent over backwards to avoid
T-E chunked or 1xx responses, and requires the Host header. But hey, if this
was 2005, I'd be 95% done with my webserver code, not like, 33% tops atm...


> The real difficulty with 1.0 is that most of the time such requests come
> from very low-quality clients (mostly scripts) that do not even look at
> the content-length header.


Hmmm... yeah. Development server. Strict is fine. I'll be making HTTP/1.1
my baseline and not worrying about 1.0, but thanks for explaining to me how
that can go wrong. For this project, I don't think I care. If I did care,
thanks for pointing out that it isn't all that difficult to support 1.0.


> Just my two cents,
> Willy


Your two cents is always worth a nickel. ;)
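
The version-dependent differences listed in the quoted text above (Connection default, chunked transfer-encoding, 1xx responses, Host) can be gathered into one decision function, shown here as an added example that is not code from either participant in the thread. The names `Plan`, `plan_response`, `frame_body` and `accept_http10` are hypothetical, the sample requests are constructed, and the 400 and 505 status codes come from the HTTP specification rather than from the messages.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Plan:
    status: int                 # 0 = serve the request, otherwise reject with this code
    keep_alive: bool = False
    may_chunk: bool = False     # Transfer-Encoding: chunked allowed in the response
    may_send_1xx: bool = False  # interim responses such as 100 Continue allowed

def plan_response(head: bytes, accept_http10: bool = True) -> Plan:
    """Derive the version-dependent behaviour from a raw request head."""
    lines = head.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return Plan(400)
    version = parts[2]
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return Plan(505)
    is_11 = version == "HTTP/1.1"
    if not is_11 and not accept_http10:
        return Plan(505)        # strict mode: HTTP/1.1 is the baseline
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            return Plan(400)    # malformed field line, or whitespace before the colon
        headers.setdefault(name.lower(), []).append(value.strip())
    hosts = headers.get("host", [])
    if len(hosts) > 1 or (is_11 and len(hosts) != 1):
        return Plan(400)        # Host is mandatory in 1.1, optional in 1.0
    tokens = {t.strip().lower() for v in headers.get("connection", []) for t in v.split(",")}
    # 1.1 stays open unless told "close"; 1.0 closes unless told "keep-alive".
    keep_alive = "close" not in tokens if is_11 else "keep-alive" in tokens
    return Plan(0, keep_alive, may_chunk=is_11, may_send_1xx=is_11)

def frame_body(plan: Plan, length: Optional[int]) -> Tuple[str, bool]:
    """Pick the body framing and say whether the connection can stay open."""
    if length is not None:
        return ("content-length", plan.keep_alive)
    if plan.may_chunk:
        return ("chunked", plan.keep_alive)
    return ("close-delimited", False)   # 1.0 with unknown length: EOF ends the body

# Constructed sample requests (not taken from the thread).
REQ_10 = b"GET / HTTP/1.0\r\n\r\n"
REQ_10_KA = b"GET / HTTP/1.0\r\nConnection: keep-alive\r\n\r\n"
REQ_11 = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
REQ_11_NO_HOST = b"GET / HTTP/1.1\r\n\r\n"
```

With `accept_http10=False` the same function gives the strict HTTP/1.1 baseline: any HTTP/1.0 request is refused with 505 before its headers are examined.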