[feature] Enable HTTP/2 for jetty #6485

Merged
joewiz merged 1 commit into eXist-db:develop from dizzzz:feature/http2
Jun 17, 2026
@dizzzz dizzzz commented Jun 16, 2026

Member

outcome:

(plain)

curl -i http://localhost:8080/exist/apps/dashboard/index.html            
HTTP/1.1 200 OK
Server: Jetty(12.1.10)
Date: Tue, 16 Jun 2026 20:20:42 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 16 Jun 2026 19:57:47 GMT
Created: Tue, 16 Jun 2026 19:57:47 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 881

(force http2)

curl -i --http2 http://localhost:8080/exist/apps/dashboard/index.html 
HTTP/1.1 101 Switching Protocols
Upgrade: h2c
Connection: Upgrade

HTTP/2 200 
server: Jetty(12.1.10)
date: Tue, 16 Jun 2026 19:45:40 GMT
vary: Accept-Encoding
last-modified: Tue, 16 Jun 2026 19:43:17 GMT
created: Tue, 16 Jun 2026 19:43:17 GMT
content-type: text/html;charset=utf-8
content-length: 881

(https):

curl -i https://localhost:8443/exist/apps/dashboard/index.html --insecure
**HTTP/2 200** 
server: Jetty(12.1.10)
date: Tue, 16 Jun 2026 20:13:41 GMT
vary: Accept-Encoding
last-modified: Tue, 16 Jun 2026 19:57:47 GMT
created: Tue, 16 Jun 2026 19:57:47 GMT
content-type: text/html;charset=utf-8
content-length: 881


Browsers will only use HTTP/2 with Jetty if all the protocol and TLS prerequisites are met; if you see HTTP/1.1 in Safari/Chrome, it usually means you are hitting cleartext HTTP or your HTTPS/ALPN/TLS setup is incomplete.

Key points to check

• Use HTTPS, not HTTP. All major browsers only speak HTTP/2 as h2 over TLS, not cleartext h2c, so http://... will stay on HTTP/1.1 while curl --http2-prior-knowledge can still talk h2c.
• ALPN must advertise h2. Your Jetty TLS connector has to be configured with HTTP/2 support (http2 module / HTTP2ServerConnectionFactory) and ALPN so that the TLS handshake offers h2 to the browser.
• Cipher suites and protocol order. HTTP/2 requires modern ciphers; Jetty usually needs you to prefer HTTP/2-compatible ciphers and list HTTP/2 before HTTP/1.1 in the protocol preference, otherwise some browsers will negotiate down to HTTP/1.1.
• Hostnames and certificates. Use a proper hostname with a certificate whose CN/SAN matches it; some browsers have special rules or limitations for localhost or raw IPs with TLS that can interfere with HTTP/2.

@dizzzz dizzzz requested a review from reinhapa June 16, 2026 20:11
@dizzzz dizzzz marked this pull request as ready for review June 17, 2026 05:27
@dizzzz dizzzz requested a review from a team as a code owner June 17, 2026 05:27
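
A way to check the three outcomes above mechanically, as an added example that is not part of this pull request or of eXist-db: `classify` reads `curl -i` output and tells an h2c upgrade apart from HTTP/2 reached without one, and `negotiated_alpn` asks a TLS listener which protocol it selects through ALPN. Both function names and the shortened sample transcripts are assumptions made for this example; port 8443 is the one used in the comment, and `verify=False` corresponds to curl's `--insecure` for a local instance with a self-signed certificate.

```python
import re
import socket
import ssl

STATUS = re.compile(r"HTTP/(\d(?:\.\d)?) (\d{3})")

# Constructed samples, shortened from the three transcripts in the comment above.
PLAIN = "HTTP/1.1 200 OK\nServer: Jetty(12.1.10)\nContent-Length: 881\n\n<html>"
H2C = ("HTTP/1.1 101 Switching Protocols\nUpgrade: h2c\nConnection: Upgrade\n\n"
       "HTTP/2 200 \nserver: Jetty(12.1.10)\ncontent-length: 881\n\n<html>")
TLS = "HTTP/2 200 \nserver: Jetty(12.1.10)\ncontent-length: 881\n\n<html>"


def classify(transcript: str) -> str:
    """Return 'http/1.1', 'h2c-upgrade' or 'h2-direct' for `curl -i` output."""
    upgraded = False
    for block in re.split(r"(?:\r?\n){2,}", transcript.strip()):
        lines = block.splitlines()
        m = STATUS.match(lines[0].strip("* ")) if lines else None
        if m is None:
            break  # reached the body without seeing a final status line
        version, code = m.group(1), int(m.group(2))
        headers = {k.strip().lower(): v.strip().lower()
                   for k, _, v in (line.partition(":") for line in lines[1:])}
        if code == 101 and headers.get("upgrade") == "h2c":
            upgraded = True  # cleartext Upgrade handshake, no TLS or ALPN involved
        elif code >= 200:
            if version == "2":
                return "h2c-upgrade" if upgraded else "h2-direct"
            return "http/" + version
    raise ValueError("no final HTTP status line found")


def negotiated_alpn(host: str, port: int = 8443, verify: bool = True):
    """Offer h2 and http/1.1 via ALPN; return the server's choice (None if no ALPN)."""
    ctx = ssl.create_default_context()
    if not verify:  # assumption: local test instance with a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.selected_alpn_protocol()
```

`negotiated_alpn` needs a running listener; a result of `http/1.1` or `None` on the HTTPS port means browsers will not get HTTP/2 from it.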

@duncdrum duncdrum left a comment

Contributor

cool

dizzzz commented Jun 17, 2026

Member Author

CoPilot:

I'll load the PR understanding ability and then review your PR for HTTP/2 support in Jetty.

Now let me fetch the PR details and related information:

Now let me get the individual files to review the configuration changes in detail:

Review Summary

Status: ✅ Ready to merge — 2 approvals, clean CI state, solid implementation.

Your HTTP/2 feature implementation is comprehensive and well-configured. Here's my detailed assessment:

✅ What's Done Right

Dependencies: All required Jetty HTTP/2 modules are added with proper scoping:

  • jetty-http2-server — HTTP/2 protocol support
  • jetty-alpn-server + jetty-alpn-java-server — TLS protocol negotiation (ALPN)

Configuration: Your connector setup correctly prioritizes HTTP/2 in the handshake:

<ALPNServerConnectionFactory>
  <protocols>
    <Item>h2</Item>        <!-- HTTP/2 preferred -->
    <Item>http/1.1</Item>  <!-- Fallback -->
  </protocols>
  <defaultProtocol>http/1.1</defaultProtocol>
</ALPNServerConnectionFactory>

Cleartext HTTP/2 (h2c): Enabled via HTTP2CServerConnectionFactory in jetty-http.xml for curl/tooling support.

Security hardening: TLS ciphers strengthened by excluding legacy/weak algorithms (CBC, SHA-only, SSLv2/v3, TLSv1.0/1.1).

Performance: Direct byte buffers enabled (useInputDirectByteBuffers, useOutputDirectByteBuffers) for HTTP/2 efficiency.

Tested: Evidence shows successful HTTP/2 negotiation on HTTPS (h2) and cleartext HTTP (h2c upgrade).

⚠️ Minor Observations

  1. Browser testing: Your test output shows HTTP/2 works over HTTPS and via curl. Consider verifying with real browsers (Chrome, Firefox, Safari) to confirm end-user compatibility.

  2. Backward compatibility: The PR maintains HTTP/1.1 as fallback everywhere, so no breaking changes.

  3. Documentation: No README or release notes changes are included. Consider adding a note about HTTP/2 now being enabled by default for operators.

🎯 Conclusion

The implementation is solid. All key HTTP/2 prerequisites mentioned in your own notes are met:

  • ✅ ALPN advertises h2 over TLS
  • ✅ Modern ciphers enforced
  • ✅ HTTP/2 listed before HTTP/1.1 in protocol preference
  • ✅ Cleartext HTTP/2 upgrade supported

Approved for merge. The two community approvals (duncdrum, line-o) are already in place.

@joewiz joewiz merged commit feb9dda into eXist-db:develop Jun 17, 2026
9 checks passed
@dizzzz dizzzz deleted the feature/http2 branch June 19, 2026 17:38