如何在G-WAN中添加HTTP/2 [英] How to add HTTP/2 in G-WAN

问题描述

我想知道是否有可能通过使用例如解决方案nghttp2( https://nghttp2.org )

I would like to know if it's possible to make G-WAN 100% compatible with HTTP/2 by using for example the solution nghttp2 (https://nghttp2.org)

推荐答案

很抱歉，答案太晚-出于任何原因，Stackoverflow均未通知我们该问题，而我发现它的原因仅是因为已通知了一个较新的问题.

Sorry for the late answer - for any reason Stackoverflow did not notify us this question and I have found it only because a more recent one was notified.

我没有看过这个库，所以我不确定是否可以不经修改就使用它，但是它肯定可以用作基于基于事件的 G-WAN的基础协议处理程序.

I have not looked at this library so I can't tell for sure if it can be used without modifications, but it could certainly be used as the basis of an event-based G-WAN protocol handler.

但是，从 安全 的角度来看，HTTP-2存在严重问题，这就是为什么我们没有在G-WAN中实现它的原因: HTTPS-2允许不同的服务器使用相同的TCP连接-即使它们未在原始TLS证书中列出 .

But, from a security point of view, there are severe issues with HTTP-2, and this is why we have not implemented it in G-WAN: HTTPS-2 lets different servers use the same TCP connection - even if they weren't listed in the original TLS certificate.

这对于合法的应用程序可能很方便，但这是安全性方面的问题:DOH(HTTP-2上的DNS)阻止用户在传统使用的DNS请求级别(主机"文件)阻止(甚至检测到)不需要的主机在各种操作系统中).

That may be handy for legit applications, but that's a problem for security: DOH (DNS over HTTP-2) prevents users from blocking (or even detecting) unwanted hosts at the traditionally used DNS requests level (the "hosts" file in various operating systems).

事实上，这个新的HTTP标准违反了SSL证书的目的，并破坏了域名监视和黑名单.

In facts, this new HTTP standard is defeating the purpose of SSL certificates, and defeating domain-name monitoring and blacklisting.

这纯粹是理论上的威胁吗?

Is it purely a theoretical threat?

Google ads 注入旨在同时攻击客户端和服务器端 的恶意软件.

Google ads have been used in the past to inject malware designed to attack both the client and server sides.

这篇关于如何在G-WAN中添加HTTP/2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！