#http1 — Public Fediverse posts

Httpz – Zero-Allocation HTTP/1.1 Parser for OxCaml

https://github.com/avsm/httpz

#HackerNews #Httpz #ZeroAllocation #HTTP1.1 #Parser #OxCaml #OpenSource

🎉 #Quad9 has finally decided to retire something nobody even knew existed! 🚀 By December 2025, HTTP/1.1 will be laid to rest, and Quad9 will bravely venture into the future of internet protocols...with the speed of a sloth on a lazy Sunday. 🤦‍♂️
https://quad9.net/news/blog/doh-http-1-1-retirement/ #HTTP1.1 #Retirement #InternetProtocols #FutureOfTech #SlothSpeed #HackerNews #ngated

🎉 #Quad9 has finally decided to retire something nobody even knew existed! 🚀 By December 2025, HTTP/1.1 will be laid to rest, and Quad9 will bravely venture into the future of internet protocols...with the speed of a sloth on a lazy Sunday. 🤦‍♂️
https://quad9.net/news/blog/doh-http-1-1-retirement/ #HTTP1.1 #Retirement #InternetProtocols #FutureOfTech #SlothSpeed #HackerNews #ngated

🎉 #Quad9 has finally decided to retire something nobody even knew existed! 🚀 By December 2025, HTTP/1.1 will be laid to rest, and Quad9 will bravely venture into the future of internet protocols...with the speed of a sloth on a lazy Sunday. 🤦‍♂️
https://quad9.net/news/blog/doh-http-1-1-retirement/ #HTTP1.1 #Retirement #InternetProtocols #FutureOfTech #SlothSpeed #HackerNews #ngated

🎉 #Quad9 has finally decided to retire something nobody even knew existed! 🚀 By December 2025, HTTP/1.1 will be laid to rest, and Quad9 will bravely venture into the future of internet protocols...with the speed of a sloth on a lazy Sunday. 🤦‍♂️
https://quad9.net/news/blog/doh-http-1-1-retirement/ #HTTP1.1 #Retirement #InternetProtocols #FutureOfTech #SlothSpeed #HackerNews #ngated

I published a new #IETF draft last week for a proposed defense against #HRS (HTTP Request Smuggling) vulnerabilities in HTTP/1.1. It's intended for use between Intermediaries (eg, CDNs and reverse proxies) and origin servers. It uses TLS Exporters (or other keys in a local context) to cryptographically protect message context (eg, the equivalent of H2 and H3 stream IDs) but in a way that attackers can't influence. It is still an early-stage -00 draft so I'm looking for general interest from potential implementers.

https://datatracker.ietf.org/doc/html/draft-nygren-httpbis-http11-request-binding

#http1

Oh great, another "HTTP/1.1 must die" #manifesto from the tech prophets 🗣️💀. Because clearly, if we don't bury HTTP/1.1, the internet will implode and take all our cat memes with it. 🙄🥱
https://portswigger.net/research/http1-must-die #HTTP1.1MustDie #TechProphets #InternetDebate #CatMemes #HackerNews #ngated

HTTP/1.1 must die: the desync endgame

https://portswigger.net/research/http1-must-die

#HackerNews #HTTP1.1 #Must #Die #desync #endgame #HTTP #Protocol #Cybersecurity #WebDevelopment

🚀 Oh no, HTTP/1.1 is a ticking time bomb! 🕰️ Quick, everybody panic and head to Black Hat for the exclusive reveal on how to save the internet, or just watch as James Kettle becomes the new Internet superhero. 🎩⚔️ Follow along, because nothing screams "secure internet" like attending a hacker convention for the latest apocalypse update. 🌐🔥
https://http1mustdie.com/ #HTTP1.1 #Crisis #BlackHat #InternetSecurity #JamesKettle #HackerConvention #HackerNews #ngated

#TIL: There are two ways to trigger use of the #HTTP3 / #QUIC #protocol in #webbrowsers:

#Chromium and #Firefox #browsers always start with #HTTP1 / #HTTP2, look for the “alt-svc” header in the response and switch to HTTP3 for subsequent requests if they find it. I knew that much.

But #Safari will instead query #DNS for the "#HTTPS" record and use that as a trigger. So it can work HTTP3-only for the cost of an additional DNS query. Unfortunately, the record type isn't widely supported yet.