6

gRPC is based on http2 which must be use ssl. But I found I can create use insecure server.

I want to know insecure means that don't use ssl or use predefined certificate for http2?

XGHeaven
  • 1,696
  • 2
  • 14
  • 17

1 Answers1

12

HTTP/2 does not insist on SSL/TLS. But all web browsers only implement HTTP2 over SSL/TLS because of problems when using it over plaintext HTTP over the Internet. So if not using a web browser but another HTTP/2 client than you can use HTTP/2 without SSL/TLS.

So yes insecure gRPC is using an unencrypted HTTP/2 connection (h2c). Though some implementations do not support this, similar to how web browsers do not support unencrypted HTTP/2 (h2c).

Barry Pollard
  • 40,655
  • 7
  • 76
  • 92
  • 1
    The answer is correct, but I would replace the "plaintext" with "unencrypted". Since HTTP/2 still uses a binary (and not textual) frame encoding. – Matthias247 Jun 25 '18 at 03:16