Unable to Query DoH with `tls none` and Plain HTTP

Jakob Bohm jb-bindusers at wisemo.com
Tue Jan 2 09:38:20 UTC 2024


On 2024-01-01 16:38, Ondřej Surý wrote:

>> On 1. 1. 2024, at 15:19, r1wcp42w at bbqporkmccity.com wrote:
>>
>> Thank you very much, I was unaware of the HTTP/2 requirement and was assuming it is a bug. Is there any reason for omitting the HTTP/1.1 upgrade part of the protocol?
> It would be additional complexity that's really not needed. The HTTP/2 library (libnghttp) doesn't provide an HTTP/1.1 implementation,
> so we would have to bolt on something of our own for little gain. And it would increase the attack surface, as it would be yet another protocol
> open to the world that can have bugs in it.

Funny, given that HTTP/2 (the spec) had a CVE against it last October,
while HTTP/0.9 and HTTP/1.x did not.

Having the DoH server as a standalone process talking to DNS/TCP would
be a solid implementation given the constant flow of changes made to
HTTP(S) by the Big 5.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


