Hackaday - Security This Week: Racoons in My TLS, Bypassing Frontends, and Obscurity

Jake Miller's recent blog on h2c request smuggling was covered in Hackaday. In the post, Jake demonstrates how upgrading HTTP/1.1 connections to lesser-known HTTP/2 over cleartext (h2c) connections can allow a bypass of reverse proxy access controls, and lead to long-lived, unrestricted HTTP traffic directly to back-end servers.