Re: HTTP/2 GREASE, Results, and Implications

David Benjamin <> Thu, 31 October 2019 19:07 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9C36A1208D9 for <>; Thu, 31 Oct 2019 12:07:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.75
X-Spam-Status: No, score=-2.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id roKoXQToSqCr for <>; Thu, 31 Oct 2019 12:07:37 -0700 (PDT)
Received: from ( [IPv6:2603:400a:ffff:804:801e:34:0:38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B2E1B1209B5 for <>; Thu, 31 Oct 2019 12:07:37 -0700 (PDT)
Received: from lists by with local (Exim 4.89) (envelope-from <>) id 1iQFlQ-000119-T5 for; Thu, 31 Oct 2019 19:05:44 +0000
Resent-Date: Thu, 31 Oct 2019 19:05:44 +0000
Resent-Message-Id: <>
Received: from ([2603:400a:ffff:804:801e:34:0:4f]) by with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <>) id 1iQFlJ-0000zG-7E for; Thu, 31 Oct 2019 19:05:37 +0000
Received: from ([2607:f8b0:4864:20::634]) by with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <>) id 1iQFlG-0000vK-QS for; Thu, 31 Oct 2019 19:05:36 +0000
Received: by with SMTP id t10so3106898plr.8 for <>; Thu, 31 Oct 2019 12:05:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MSwpDY7PpJbQUFhQEgbgtRzQpx2O/s0mxE0F/MeivRI=; b=M9Dx2+eZSYauXL9rrUuD+h7iipzXusxoX0SWhg42rc8Xq7oc2Qv4Ww3w39lkw92582 6JtPiZ/qUYrejFl6g0UzU3nCR/PR96L+5wi6HGsBm5DsoHitxx24Qi1AYtMwjtMzqE8g 94dwnYUT29ILXUjnpXkGWp3Vu3c7O/yBOJkEo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MSwpDY7PpJbQUFhQEgbgtRzQpx2O/s0mxE0F/MeivRI=; b=D7sX0K4GT3Z9z5Fn9dXdhbKGoAvqvtP/B1ENwuS39tfWMIygXx9SrNwJcrdfMEafaX FEKiBKBpGf58PhG5BV+ozrhr9LQAYPGWMNQs7h2ef6xY2NhZeUnNKHH77taL0TR3OGCY ylEbrrS4HwIIibvid8gQZukYTOfFtdQl/Dlw7EaGfly+FcOopyqRPpkWvafNgT9KGQik APw74kRGOw31tbHBcJx7par2By4DR68+b74v6k/75w/hphAiyl723WpSv8fAKsdluvZ4 TYAiMB35Tv0nEquGd80H1up/zJfEB729300eHZazlr9kev8XBNRpqUGPmbh1zaOAxaqd Vl2g==
X-Gm-Message-State: APjAAAWYEACPvj/0BKv3lxvDwRM1yBbvTHKUHNBCA3mbmvpYu4X7/ENK Sb14Bkm4gMCAXCUiRfGJZHvyMrUIYAQslmFleoJw
X-Google-Smtp-Source: APXvYqy/ARoYfsroVDf6SwctnTf6Fm7X94bJzS+ccWuoqWF0+W2zYClnFt+ArtHtUq1YbuUm57PPhwYg2Cg7pqVXMiU=
X-Received: by 2002:a17:902:6bca:: with SMTP id m10mr7924371plt.331.1572548732699; Thu, 31 Oct 2019 12:05:32 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
From: David Benjamin <>
Date: Thu, 31 Oct 2019 15:05:16 -0400
Message-ID: <>
To: Willy Tarreau <>
Cc: =?UTF-8?Q?Bence_B=C3=A9ky?= <>, Mike Bishop <>, HTTP Working Group <>
Content-Type: multipart/alternative; boundary="0000000000009b4608059639885b"
Received-SPF: pass client-ip=2607:f8b0:4864:20::634;;
X-W3C-Hub-Spam-Status: No, score=-11.2
X-W3C-Scan-Sig: 1iQFlG-0000vK-QS 6c992e69fca1c429ebeba5e1338b3bc4
Subject: Re: HTTP/2 GREASE, Results, and Implications
Archived-At: <>
X-Mailing-List: <> archive/latest/37093
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On Thu, Oct 31, 2019 at 1:18 PM Willy Tarreau <> wrote:

> On Thu, Oct 31, 2019 at 01:08:53PM -0400, Bence Béky wrote:
> > Thanks, Willy, for pointing out the different sections of RFC7540
> > concerning unknown frame types.  It seems to me that for the past few
> days
> > Chrome (on certain channels) has been sending frames on half-closed
> > (remote) streams.  It might be worth fixing that and re-running the
> > experiment.  I'll circle back with results if we end up doing that.
> OK. I have a pending patch ready for testing on the haproxy front which
> addresses this mismatch. The only thing is that chrome beta doesn't seem
> to be available on linux so I constantly have to bother other people for
> testing, which takes time :-/

Chrome beta (also dev channel) should be available on Linux. See (Or if you've already
gotten the apt repository added, I believe the google-chrome-beta package
should work.) It also uses a separate profile directory, so it won't
conflict with your usual install. Hopefully that'll ease testing.

> Regarding the impacts on our uesrs of anoyher test, I'm not much worried
> of the risk to break a few sites running unfixed versions of haproxy if
> a new Chrome version enables the test again; we've faced some hard to
> diagnose bugs not too long ago and users are trained to disable H2 if
> something really bad happens. Of course it's not desirable but it's not
> as if everything definitely broke. Also our community tends to be quite
> reactive when it comes to applying important fixes. Thus I full support
> restarting the test ASAP :-)
> Cheers,
> Willy