1265578519
commented
1 month ago 源站仅限h2 http + h2 https访问的话,那么kangle由于无法成功回源会遇到报错 http2: unexpected ALPN protocol all retry attempts failed
Open 1265578519 opened 1 month ago
1265578519
commented
1 month ago 源站仅限h2 http + h2 https访问的话,那么kangle由于无法成功回源会遇到报错 http2: unexpected ALPN protocol all retry attempts failed
keengo99
commented
1 month ago 在服务器扩展中,端口后面可以加 sp可以启用http2连接上游.如 443sp
------------------ 原始邮件 ------------------ 发件人: "keengo99/kangle" @.>; 发送时间: 2024年10月14日(星期一) 凌晨0:17 @.>; @.***>; 主题: [keengo99/kangle] kangle hosts模块,443s的https访问 Client Hello中alpn没有包含h2,是不支持h2回源吗? (Issue #76)
kangle hosts模块,443s的https访问 Client Hello中alpn没有包含h2,是不支持h2回源吗?
是否应当支持http的h2回源,和https的h2回源
比如chrome浏览器,握手阶段会和服务器声明支持h2,kangle在回源的时候,应该和源站服务器声明alpn(application_layer_protocol_negotiation)
image.png (view on web)
Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 323 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 319 Version: TLS 1.2 (0x0303) Random: 4840d63e798248802be7322eb67bfee5b43e75c7e8ca0ff7057fcc74cd84f2d0 GMT Unix Time: May 31, 2008 12:38:22.000000000 中国标准时间 Random Bytes: 798248802be7322eb67bfee5b43e75c7e8ca0ff7057fcc74cd84f2d0 Session ID Length: 32 Session ID: 881590f3d8fc2381c06c0d739fcbe6d8679b3606d604f40e8df257bb618e8de5 Cipher Suites Length: 62 Cipher Suites (31 suites) Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302) Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303) Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 184 Extension: server_name (len=16) name=192.168.1.2 Type: server_name (0) Length: 16 Server Name Indication extension Server Name list length: 14 Server Name Type: host_name (0) Server Name length: 11 Server Name: 192.168.1.2 Extension: ec_point_formats (len=4) Type: ec_point_formats (11) Length: 4 EC point formats Length: 3 Elliptic curves point formats (3) EC point format: uncompressed (0) EC point format: ansiX962_compressed_prime (1) EC point format: ansiX962_compressed_char2 (2) Extension: supported_groups (len=12) Type: supported_groups (10) Length: 12 Supported Groups List Length: 10 Supported Groups (5 groups) Supported Group: x25519 (0x001d) Supported Group: secp256r1 (0x0017) Supported Group: x448 (0x001e) Supported Group: secp521r1 (0x0019) Supported Group: secp384r1 (0x0018) Extension: session_ticket (len=0) Type: session_ticket (35) Length: 0 Session Ticket: <MISSING> Extension: application_layer_protocol_negotiation (len=11) Type: application_layer_protocol_negotiation (16) Length: 11 ALPN Extension Length: 9 ALPN Protocol ALPN string length: 8 ALPN Next Protocol: http/1.1 Extension: encrypt_then_mac (len=0) Type: encrypt_then_mac (22) Length: 0 Extension: extended_master_secret (len=0) Type: extended_master_secret (23) Length: 0 Extension: signature_algorithms (len=48) Type: signature_algorithms (13) Length: 48 Signature Hash Algorithms Length: 46 Signature Hash Algorithms (23 algorithms) Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403) Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503) Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603) Signature Algorithm: ed25519 (0x0807) Signature Algorithm: ed448 (0x0808) Signature Algorithm: rsa_pss_pss_sha256 (0x0809) Signature Algorithm: rsa_pss_pss_sha384 (0x080a) Signature Algorithm: rsa_pss_pss_sha512 (0x080b) Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) Signature Algorithm: rsa_pss_rsae_sha384 (0x0805) Signature Algorithm: rsa_pss_rsae_sha512 (0x0806) Signature Algorithm: rsa_pkcs1_sha256 (0x0401) Signature Algorithm: rsa_pkcs1_sha384 (0x0501) Signature Algorithm: rsa_pkcs1_sha512 (0x0601) Signature Algorithm: SHA224 ECDSA (0x0303) Signature Algorithm: ecdsa_sha1 (0x0203) Signature Algorithm: SHA224 RSA (0x0301) Signature Algorithm: rsa_pkcs1_sha1 (0x0201) Signature Algorithm: SHA224 DSA (0x0302) Signature Algorithm: SHA1 DSA (0x0202) Signature Algorithm: SHA256 DSA (0x0402) Signature Algorithm: SHA384 DSA (0x0502) Signature Algorithm: SHA512 DSA (0x0602) Extension: supported_versions (len=9) TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0 Type: supported_versions (43) Length: 9 Supported Versions length: 8 Supported Version: TLS 1.3 (0x0304) Supported Version: TLS 1.2 (0x0303) Supported Version: TLS 1.1 (0x0302) Supported Version: TLS 1.0 (0x0301) Extension: psk_key_exchange_modes (len=2) Type: psk_key_exchange_modes (45) Length: 2 PSK Key Exchange Modes Length: 1 PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1) Extension: key_share (len=38) x25519 Type: key_share (51) Length: 38 Key Share extension Client Key Share Length: 36 Key Share Entry: Group: x25519, Key Exchange length: 32 Group: x25519 (29) Key Exchange Length: 32 Key Exchange: 42c3aca3f765b58a8f57e1725a8d4dc8274031cd30040653dd6d4638d0bad048 [JA4: t13d3111h1_e8f1e7e78f70_5ac7197df9d2] [JA4_r [truncated]: t13d3111h1_002f,0033,0035,0039,003c,003d,0067,006b,009c,009d,009e,009f,00ff,1301,1302,1303,c009,c00a,c013,c014,c023,c024,c027,c028,c02b,c02c,c02f,c030,cca8,cca9,ccaa_000a,000b,000d,0016,0017,0023,002b,002d,0033_0403,0503] [JA3 Fullstring: 771,4866-4867-4865-49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-61-60-53-47-255,0-11-10-35-16-22-23-13-43-45-51,29-23-30-25-24,0-1-2] [JA3: 1ce565f411fbc7412e3c5ba0bcfd62ab]
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: @.***>
1265578519
commented
1 month ago 对于https的h2回源居然加个sp就行吗 http回源能支持h2吗,难道是写80p
1265578519
commented
2 weeks ago 在服务器扩展中,端口后面可以加 sp可以启用http2连接上游.如 443sp
host模块不行,,,写443sp直接被吃了,p不见了
扩展服务器里面虽然可以写,虽然是h2回源,但是发起的版本是tls1.0,对方要求最低版本是tls1.2,导致握手失败
TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 312
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 308
Version: TLS 1.2 (0x0303)
Random: 7465708b3d4373114ce197d7a49b65230020dbef0b69400fb121a22d7490730c
GMT Unix Time: Nov 19, 2031 05:50:03.000000000 中国标准时间
Random Bytes: 3d4373114ce197d7a49b65230020dbef0b69400fb121a22d7490730c
Session ID Length: 0
Cipher Suites Length: 172
Cipher Suites (86 suites)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_DH_DSS_WITH_AES_256_GCM_SHA384 (0x00a5)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
Cipher Suite: TLS_DH_RSA_WITH_AES_256_GCM_SHA384 (0x00a1)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069)
Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037)
Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0086)
Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0085)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_DH_DSS_WITH_AES_128_GCM_SHA256 (0x00a4)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_DH_RSA_WITH_AES_128_GCM_SHA256 (0x00a0)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA256 (0x003f)
Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA256 (0x003e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031)
Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030)
Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)
Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)
Cipher Suite: TLS_DH_RSA_WITH_SEED_CBC_SHA (0x0098)
Cipher Suite: TLS_DH_DSS_WITH_SEED_CBC_SHA (0x0097)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0043)
Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0042)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (0x0010)
Cipher Suite: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (0x000d)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 95
Extension: server_name (len=6) name=.
Type: server_name (0)
Length: 6
Server Name Indication extension
Server Name list length: 4
Server Name Type: host_name (0)
Server Name length: 1
Server Name: .
Extension: ec_point_formats (len=4)
Type: ec_point_formats (11)
Length: 4
EC point formats Length: 3
Elliptic curves point formats (3)
EC point format: uncompressed (0)
EC point format: ansiX962_compressed_prime (1)
EC point format: ansiX962_compressed_char2 (2)
Extension: supported_groups (len=10)
Type: supported_groups (10)
Length: 10
Supported Groups List Length: 8
Supported Groups (4 groups)
Supported Group: secp256r1 (0x0017)
Supported Group: secp521r1 (0x0019)
Supported Group: secp384r1 (0x0018)
Supported Group: secp256k1 (0x0016)
Extension: session_ticket (len=0)
Type: session_ticket (35)
Length: 0
Session Ticket: <MISSING>
Extension: signature_algorithms (len=32)
Type: signature_algorithms (13)
Length: 32
Signature Hash Algorithms Length: 30
Signature Hash Algorithms (15 algorithms)
Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
Signature Algorithm: SHA512 DSA (0x0602)
Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
Signature Algorithm: SHA384 DSA (0x0502)
Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
Signature Algorithm: SHA256 DSA (0x0402)
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Algorithm: SHA224 RSA (0x0301)
Signature Algorithm: SHA224 DSA (0x0302)
Signature Algorithm: SHA224 ECDSA (0x0303)
Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
Signature Algorithm: SHA1 DSA (0x0202)
Signature Algorithm: ecdsa_sha1 (0x0203)
Extension: heartbeat (len=1)
Type: heartbeat (15)
Length: 1
Mode: Peer allowed to send requests (1)
Extension: application_layer_protocol_negotiation (len=14)
Type: application_layer_protocol_negotiation (16)
Length: 14
ALPN Extension Length: 12
ALPN Protocol
ALPN string length: 2
ALPN Next Protocol: h2
ALPN string length: 8
ALPN Next Protocol: http/1.1
[JA4: t12d8607h2_e18388e7f3a3_a1e935682795]
[JA4_r […]: t12d8607h2_0004,0005,0007,000a,000d,0010,0013,0016,002f,0030,0031,0032,0033,0035,0036,0037,0038,0039,003c,003d,003e,003f,0040,0041,0042,0043,0044,0045,0067,0068,0069,006a,006b,0084,0085,0086,0087,0088,0096,0097,0098,0099,009a,]
[JA3 Fullstring […]: 771,49200-49196-49192-49188-49172-49162-165-163-161-159-107-106-105-104-57-56-55-54-136-135-134-133-49202-49198-49194-49190-49167-49157-157-61-53-132-49199-49195-49191-49187-49171-49161-164-162-160-158-103-64-63-62-51]
[JA3: d9de15a1780d01036870b1080bd56630]
可以看一楼的信息,之前明明是TLSv1.2,为什么3.6反而变成了TLSv1.0
1265578519
commented
2 weeks ago 而且,,,sni为一个"."或者ip地址的情况下,不应该发起sni字样
1265578519
commented
2 weeks ago sni为空的情况下,甚至kangle还会虚假填充一个 www.example.com 字样给源服务器,毛病太多啦!
kangle hosts模块,443s的https访问 Client Hello中alpn没有包含h2,是不支持h2回源吗? 是否应当支持http的h2回源,和https的h2回源 比如chrome浏览器,握手阶段会和服务器声明支持h2,kangle在回源的时候,应该和源站服务器声明alpn(application_layer_protocol_negotiation)
以下是kangle回源的 Client Hello信息