How To Force User Agents To Use Later Available Version of HTTP?

Question

A OpenLiteSpeed Web Server is running on AlmaLinux 8.

HTTP/1.1, HTTP/2 and HTTP/3 QUIC are enabled.

80/tcp, 443/tcp and 443/udp ports are open publicly and permanently.

The server is sending the below alt-svc header:

h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

The setup has been tested positive by http3check succcessfully.

But the user agents, I mean, browsers are connecting through HTTP/1.1 most of the times. HTTP/2 are used by them sometimes. Usage of HTTP/3 is mere.

What should be done to tell the browsers to prefer later versions of HTTP?

Answer 1

What should be done to tell the browsers to prefer later versions of HTTP?

In order to use HTTP/3

• The browser needs to have implemented it
• It must be able to communicate with UDP port 443 to your server. This means that HTTP/3 will not be used, if a HTTP or SOCKS proxy is involved (no UDP) or if UDP port 443 is blocked. Blocking is often done to enforce use of HTTP/2 or HTTP/1 in order to easy deep packet inspection

In order to use HTTP/2

• The browser needs to have implemented it
• It must be able to have connection to the server without SSL interception. With SSL interception typically the ALPN TLS extension is not forwarded to the server, but this extension is used to declare support for HTTP/2 to the server. Without this extension the server will not try. SSL interception is often done in corporate firewalls but also in many antivirus products. The downgrade to HTTP/1 in such cases is a welcome side effect since it makes traffic analysis easier.

Note that none of this here is in control of the server. These are all client-side issues which prevent your server to be accessed with HTTP/3. There is nothing you can do at the server side to fix the client side.