nghttp2.org was approved as OSS project by GlobalSign and they offered us wild card certificate for free. Now https://nghttp2.org has valid SSL/TLS certificate. No more red screen and no more -k option is required to access this site. Thank you to GlobalSign for supporting open source community.

We added -p and --no-tls-proto option to h2load in order to support SPDY in clear text.

Previously h2load supports SPDY only for https URI. This is because SPDY has no mechanism to negotiate its protocol version without ALPN/NPN. With -p option, user can specify the ALPN identifier to use when http URI (in clear text) is used.

Almost all SPDY enabled public web servers are now deployed with SSL/TLS. But inside the server farm, between SSL/TLS terminator and backend server may communicate SPDY in clear text. This option is very handy to perform load tests for those SPDY servers.

Now this nghttp2 public test server can be accessible via nghttp2.org and you don’t have to remember cryptic IP address. The SSL/TLS certificate is still self-signed, we are preparing valid one so stay tuned.

Let me summarize the current status of the public test server. The supported HTTP/2 protocol is HTTP/2 draft-11.

We offer HTTP/2 over TLS, identified by h2-11 in ALPN, at the port 443. We also offer SPDY/3.1 and HTTP/1.1 on that port as a fallback. Again, the certificate is self-signed at the time of this writing.

We offer HTTP/2 over (plain, non-encrypted) TCP, identified by h2c-11, at the port 80. We also offer HTTP/1.1 on that port as a fallback. We support HTTP Upgrade in HTTP/1.1 connection to HTTP/2. The details of how to perform HTTP Upgrade from HTTP/1.1 to HTTP/2 is described in here. We advertise h2-11 in Alt-Svc header field and ALTSVC HTTP/2 frame on this port.

You can use nghttp CLI client, which is included in nghttp2 repository, to access to both services.

At the time of this writing, “special build” Mozilla Firefox is the only web browser that can speak h2-11. You can find the link to download it in here. Firefox only supports https URI for HTTP/2. This means that there is no browser which can access to this site in plain, non-encrypted HTTP/2. You need to enable HTTP/2 and ALPN in about:config as described in the above link. You may also need to set security.use_mozillapkix_verification to false to access to this site (See here about this configuration parameter).