I am surprised that I didn't find this question asked and answered recently. Maybe this issue is newer than I realize. I understand that support of HTTPS/2 is in development but I'd like to better understand what is and is not currently supported. I discovered the other day that an intercepted client https connection, which included both h2 and http/1.1 in the ALPN extension, was tunneled when the server responded with only h2. I'm assuming that was due to squid not fully supporting HTTP/2. My initial need is to prevent the tunnel. Preferably by forcing http/1.1 and bumping but just denying the connection is second best. I'm not aware of any squid built-in mechanisms to manage ALPN or HTTP/2 so I'm thinking the external_acl is the only way to go. I think the client ALPN data is available at bump step 2 but what options do I have at that point? Help or corrections to my assumptions are appreciated. Senor _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
