http request response message version number for persistent conexns?

Started by blueberry123, May 30, 2022, 12:55:58 AM

Previous topic - Next topic

blueberry123

title-: What combination and permutation of version number should/can be used in request and response messages for persistent HTTP connections?

You can ignore rest of the post and just tell me the version number combinations that are allowed for persistent connections and little bit of why. I thought only 1.1 in request and 1.1 in response was allowed but I am seeing textbooks which are using combinations of 1.0 and 1.1, and 1.0 and 1.0 in request and response messages.


And for simplicity can I just used 1.1 both in request and response in these below figures instead for persistent connections?


Rest of the post-:

Image link-: https://i.stack.imgur.com/tsYd8.png


should not we use 1.1 there as that is the version of http for persistent connection? I don't understand this.

My confusion came due to this paragraph in the book.

Image link-:https://i.stack.imgur.com/85n34.png

HTTP 1.0 is non-persistent whereas HTTP 1.1 is persistent.

Here in figure 8-9 b), we are using persistent connection. But the version of HTP we are using is 1.0.


Remaining page just for context(same page as 1st red arrow confusion)-:

Image link-: https://i.stack.imgur.com/c8k1R.png

And for simplicity can I just used 1.1 both in request and response in these figures for persistent connections?




BELOW THIS ISN'T REQUIRED TO BE READ FOR ANSWERING THIS QUESTION


Not sure if they are related to my question, but I found them while googling about the issue.
According to RFC-:

"An HTTP client SHOULD send a request version equal to the highest
   version for which the client is at least conditionally compliant, and
   whose major version is no higher than the highest version supported
   by the server, if this is known.  An HTTP client MUST NOT send a
   version for which it is not at least conditionally compliant."

Not sure exactly what this would translate to.

https://stackoverflow.com/questions/57334986/why-is-http-version-number-presented-in-both-a-request-line-and-a-status-line

"An HTTP server SHOULD send a response version equal to the highest version for which the server is at least conditionally compliant, and whose major version is less than or equal to the one received in the request. An HTTP server MUST NOT send a version for which it is not at least conditionally compliant. A server MAY send a 505 (HTTP Version Not Supported) response if cannot send a response using the major version used in the client's request."

This means-:
if server supports 1.1, then for both 1.1 and 1.0 requests, it should respond with 1.1 response
if server supports only 1.0, then respond 1.1 request with 1.0 response




deanwebb

Yes. :smug:

This is common in all well-written protocols. The endpoint initiating the connection will propose the highest version it can support. If yes, then the receiving endpoint will respond that it can support that version. If no, then the receiving endpoint will either respond with a rejection (error message will indicate unsupported version) or propose a lesser version that it supports. If lesser version proposed, then the initiating endpoint will accept if that is OK or reject with unsupported version if the lesser version is not supported.

In security, this has strong implications for TLS, as some environments may choose to ONLY permit the latest version and an insecure connection at a lower TLS version is forbidden.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

icecream-guy

:professorcat:

My Moral Fibers have been cut.