A detailed exploration of how clients and servers negotiate and bootstrap connections using HTTP/1.1, HTTP/2, and HTTP/3, covering redirects, TLS, ALPN, Alt-Svc, HSTS, and DNS records. It also discusses the complexities of upgrading to HTTP/3 and the behavior of different browsers.
The SVCB and HTTPS resource records allow you to speed up your time-to-first-packet (by basically stuffing the Alt-Svc HTTP header / ALPN TLS extension into the DNS); let you do redirection on the zone apex without using CNAMEs; allow for simple DNS load distribution and failover; obviate HSTS and the cumbersome preloading process; and enable stronger privacy protections via Encrypted Client Hello aka ECH
$ dumpcap -w some.pcapng -f "host example.com"
$ SSLKEYLOGFILE=some.keys curl https://example.com
$ editcap --inject-secrets tls,some.keys some.pcapng some-with-keys.pcapng
Now you can load some-with-keys.pcapng in Wireshark 3.0 or newer without
requiring any further configuration and have its
$ SSLKEYLOGFILE=some.keys curl https://example.com
$ editcap --inject-secrets tls,some.keys some.pcapng some-with-keys.pcapng
Now you can load some-with-keys.pcapng in Wireshark 3.0 or newer without
requiring any further configuration and have its
