zlacker

[parent] [thread] 1 comments
1. no_tim+(OP)[view] [source] 2023-07-25 04:31:02
Can you post the relevant part of the spec or discussion of it? This sounds wack but I'm not seeing it.
replies(1): >>superk+Oe
2. superk+Oe[view] [source] 2023-07-25 06:48:49
>>no_tim+(OP)
The spec suggested defaults don't matter when all current HTTP/3 implementations will not let compiled software users connect to a site with a self-signed cert (or none at all).

But also the spec itself is bad: "MUST" in capital letters when talking about setting up the HTTP3 endpoint and verifying the cert. https://datatracker.ietf.org/doc/rfc9114/

There are compile-time flags you can use to enable it in the QUIC HTTP/3 libs you can then manually link when compiling your personal browser. But with Google/Microsoft/Apple/Mozilla browser binaries used by the public they will not be able to connect.

[go to top]