Support h2c on origin pulls

Type

Product improvement

Description

Origin pulls by Cloudflare appear to only support h2, not h2c. I verified this by looking at the logs from an origin server connected over a Cloudflare tunnel. I confirmed that my origin server actually does support it with “curl -sI --http2-prior-knowledge localhost”. Cloudflare neither attempts h2c on requests, nor attempts upgrades to h2c when pipelining. Interestingly, h2 origin pulls are advertised as being supported when connecting an HTTPS origin over Cloudflare tunnels.

Benefit

The benefits of HTTP/2 are well known. Supporting HTTP/2 on HTTP origin pulls would reduce the time needed to load uncached (or partially cached) websites by making the origin pulls faster. Furthermore, it would simplify the setup and maintenance of latency-sensitive services over Cloudflare tunnels, by not requiring origin certificates to be set up.

Being able to avoid the use of origin certificates would also eliminate a point of failure, since origin certificate expiry would take the service offline. That point of failure is currently possible to avoid if you accept the performance issues of HTTP/1.1 origin pulls, but it is impossible to avoid if you are latency-sensitive.

Lastly, h2c has lower latency than h2 since it avoids the latency cost of doing encryption calculations and the additional round trips imposed by encryption on connection establishment. Cloudflare tunnels, being already encrypted, make this latency penalty an unnecessary expense. Supporting h2c origin pulls would enable people to configure origin servers over Cloudflare tunnels that are not only secure, but are even faster than they are now.
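The prior-knowledge check that the curl command in the description performs, and the Upgrade path the description also mentions, look like this at the byte level. This is an added example, not part of the original post and not Cloudflare's code; the function names and the sample replies are constructed for illustration.

```python
import socket

# HTTP/2 client connection preface, followed by an empty SETTINGS frame.
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
EMPTY_SETTINGS = b"\x00\x00\x00\x04\x00\x00\x00\x00\x00"

# Constructed sample replies (not captured from a real origin).
SAMPLE_H2C = b"\x00\x00\x06\x04\x00\x00\x00\x00\x00" + b"\x00\x03\x00\x00\x00\x64"
SAMPLE_H1 = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
SAMPLE_101 = b"HTTP/1.1 101 Switching Protocols\r\nConnection: Upgrade\r\nUpgrade: h2c\r\n\r\n"
SAMPLE_200 = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

def classify_prior_knowledge(reply: bytes) -> str:
    """Classify the first bytes an origin sends back after the h2c preface."""
    if reply.startswith(b"HTTP/1."):
        return "http1-only"      # origin answered the preface as HTTP/1.x
    if len(reply) < 9:
        return "incomplete"      # not even one 9-byte frame header yet
    length = int.from_bytes(reply[0:3], "big")
    frame_type, flags = reply[3], reply[4]
    stream_id = int.from_bytes(reply[5:9], "big") & 0x7FFFFFFF
    # The server preface is a non-ACK SETTINGS frame (type 0x4) on stream 0
    # whose payload is a whole number of 6-byte setting entries.
    if frame_type == 0x4 and not flags & 0x1 and stream_id == 0 and length % 6 == 0:
        return "h2c"
    return "unknown"

def classify_upgrade(reply: bytes) -> str:
    """Classify the reply to an HTTP/1.1 request that carried 'Upgrade: h2c'."""
    head = reply.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    status = head[0].split(" ", 2)
    headers = {k.strip().lower(): v.strip().lower()
               for k, _, v in (line.partition(":") for line in head[1:])}
    if len(status) >= 2 and status[1] == "101" and headers.get("upgrade") == "h2c":
        return "h2c-upgrade"
    return "http1-only"

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Send the preface to a cleartext origin and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(PREFACE + EMPTY_SETTINGS)
        return classify_prior_knowledge(s.recv(64))
```

Calling `probe("localhost", 80)` against an origin you operate returns "h2c" when it accepts cleartext HTTP/2 with prior knowledge.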