Check If Server Supports SPDY / HTTP/2

Objective: Check if a server supports SPDY and/or HTTP/2 protocols.

SPDY is a web protocol developed by Google for transporting web content. HTTP/2 is based on SPDY and was developed by the Hypertext Transfer Protocol working group of IETF. The primary goal of both these protocols is to reduce web page load time by prioritizing and multiplexing the transfer of web page sub-resources so that only one connection per client is required.

SPDY only works over TLS. HTTP/2 can work on either HTTP or TLS but current browsers only support HTTP/2 over TLS.

There are two ways that I know of to check if a web server has support for either SPDY and/or HTTP/2 protocols. One is by using openssl and the other is by using nmap. The basic idea is to add the next protocol negotiation extension in the client hello packet and parse the returned server hello’s NPN extension data.

With openssl, we need to use s_client. To check if the site www.google.com supports SPDY and/or HTTP/2, we can use the following syntax. 443 is the default port number for HTTPS/TLS.

The output gives the list of supported protocols for www.google.com. We can see that it supports 3 protocols – HTTP/2 (h2), SPDY (spdy/3.1) and HTTP/1.1 (http/1.1).

To scan using nmap, we need to use the tls-nextprotoneg script. Run nmap using the following syntax to get the supported protocol list.

As you can see, nmap is giving us the same result. The supported protocols are HTTP/2 (h2), SPDY (spdy/3.1) and HTTP/1.1 (http/1.1).

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }