Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:111224
Return-Path: <php@golemon.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 96132 invoked from network); 28 Jul 2020 17:49:47 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 28 Jul 2020 17:49:47 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 1DD89180533
	for <internals@lists.php.net>; Tue, 28 Jul 2020 09:45:46 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: *
X-Spam-Status: No, score=1.4 required=5.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_SOFTFAIL autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <php@golemon.com>
Received: from mail-lj1-f178.google.com (mail-lj1-f178.google.com [209.85.208.178])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue, 28 Jul 2020 09:45:45 -0700 (PDT)
Received: by mail-lj1-f178.google.com with SMTP id s16so6650224ljc.8
        for <internals@lists.php.net>; Tue, 28 Jul 2020 09:45:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=tj8oSY7GmbFSFtgwdMBdBLg6JmI3WDj1lWuzyKj2hcM=;
        b=GjCb2LARLJwm2OtQsSFaOmpE/rnORI01IHu2FACUu6JdXBU5fNQn7CljaLdIXWIkO/
         DWIqeBSDfazS9MOI0GdRVoLPWngYb0hnHEJ0kxGrO0QOFMOUtOY7g/LIUAhHvKMrYRM3
         cMzYm+jCJD4GdlUa8aG75RzSYrYvS/R5TsFTU8klcsx30KfGak+c77TGDHf/YSx5lm/H
         EI/LpcFkcFE/aJhTBFW0Bvx0KMM9TmIQiO3bMUMK4+kphvJmSz2y4vOxjPOP1mEhC381
         6uB1K7URixEV60CH9uIqY72Y3YoC34s4X8TN0kolLLjQc/lxpvRJpr/O8L4cYsa71+bn
         Y8ZQ==
X-Gm-Message-State: AOAM5323P+k6TUHWoWO9/SB8icKBKXWR5gmvH39s7Di/7jI9Mzf7/nBy
	Ltv3gBsRiCZqG5olTfpB0nTLdo5KFtdqDH7CisPerg==
X-Google-Smtp-Source: ABdhPJx+4F3Dlt9LfUxr9ZeJcljcALbcS1uuQkgrUm2Z2NV1Xp9Ykc6NVAi0tWyWu+GFl8PVMEYRotFAA1cpnhZdUqs=
X-Received: by 2002:a2e:9792:: with SMTP id y18mr13613087lji.172.1595954741685;
 Tue, 28 Jul 2020 09:45:41 -0700 (PDT)
MIME-Version: 1.0
References: <e827814f-8a4e-4388-bc82-47c244aad978@gmail.com>
 <9d28ade6-1a70-9850-3bc0-64050c0dcbe4@gmail.com> <CAESVnVrajMYWoV9ce6xndsXKszTseP2UJcK_6VN0e_hGDa6SYg@mail.gmail.com>
 <CALKiJKq3X+jV3r9dMFOu_FynpZCjj7j2Bqk7SvAH4mb7uQdfZg@mail.gmail.com>
In-Reply-To: <CALKiJKq3X+jV3r9dMFOu_FynpZCjj7j2Bqk7SvAH4mb7uQdfZg@mail.gmail.com>
Date: Tue, 28 Jul 2020 11:45:30 -0500
Message-ID: <CAESVnVq-vPU64puFmreDstH6iLC--9MiQ4-2xA3Goey+MfZXCA@mail.gmail.com>
To: Rowan Tommins <rowan.collins@gmail.com>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="00000000000074c66c05ab832b05"
Subject: Re: [PHP-DEV] Re: HTTP/1.1 by default in PHP 8.0
From: pollita@php.net (Sara Golemon)

--00000000000074c66c05ab832b05
Content-Type: text/plain; charset="UTF-8"

On Tue, Jul 28, 2020 at 3:52 AM Rowan Tommins <rowan.collins@gmail.com>
wrote:

> The risk of advertising 1.0 by default is that some software will have been
> programmed to outright refuse that protocol version. I don't know of any
> recent examples, but this bug report from 2007 was for a SOAP endpoint that
> returned 505 Version Not Supported: https://bugs.php.net/bug.php?id=43069
> Notably, Dmitry's patch for that bug made sure the protocol context option
> is honoured by ext/soap, but also specifically defaulted it to HTTP/1.1 as
> of PHP 5.3.
>
> The risk of advertising 1.1 by default is that some software will respond
> with a more complex response, and trigger some bug in our response parsing.
> This was previously the case with detecting "Transfer-Encoding: chunked"
> headers, for instance. By advertising 1.0, we may be benefitting from
> servers "downgrading" their response.
>
> In practice, a large amount of software appears to do neither, and simply
> replies with an HTTP/1.1 response to a HTTP/1.0 request. This is why I talk
> about "advertising" versions - in practice, the code is always acting as an
> HTTP/1.1 client, e.g. sending "Connection: Close", and listening for
> Transfer-Encoding, because it's increasingly rare for a server to actually
> honour the 1.0 spec.
>
> The "servers have a bad habit of ignoring this anyway" argument is
probably true, but it sort of takes the wind out of BOTH of the other two
points. :)

I'm not going to object to merging it, the worst case scenario is that a
few app developers will learn the protocol version option exists and have
to set "1.0" manually.  Even that is a low probability.  Probably better in
the long-term to inch our way forward and advertise a protocol that was
introduced... checks notes... 21 years ago.

-Sara

--00000000000074c66c05ab832b05--