WKD on http2 server

Phil Pennock gnupg-devel at spodhuis.org
Fri Sep 20 01:02:56 CEST 2019


On 2019-09-19 at 10:29 +0200, Erich Eckner via Gnupg-devel wrote:
> We switched off http2 (removed "http2" parameter from nginx' "listen" 
> directive) and key location via wkd workes.

I have nginx 1.16.1 (OpenSSL 1.1.1d) running on FreeBSD using `http2` in
the listen directives for `openpgpkey.spodhuis.org` and GnuPG (2.2.17)
works with it.

gpg -v --auto-key-locate clear,nodefault,wkd --locate-key phil.pennock@${ThatDomain}

Loosely, if a client doesn't speak HTTP/2 then it won't try to negotiate
it and so won't be affected by it.  What _might_ happen is a client
built with a library which can speak HTTP/2 and the client making
something like case-sensitive header name assumptions.

But if there are bad interactions then it's not as simple as "GnuPG is
not compatible with nginx servers which enable HTTP/2 support".  Since
that works for me.

-Phil



More information about the Gnupg-devel mailing list