crypto/tls: provide a way to dynamically handle client hellos #15699

Closed
danp opened this issue May 16, 2016 · 6 comments

@danp danp commented May 16, 2016

I'd like to control whether or not to offer the "h2" protocol during TLS handshake based on the client's requested server name. Currently there's no way to do this with crypto/tls.

Would an optional callback similar to GetCertificate be useful for this and other similar cases?

@danp danp commented May 16, 2016

Erlang's ssl module has a similar facility: sni_fun in server-side ssl options, though it's only called when SNI is used. A callback that's used regardless of SNI (as GetCertificate is now) would be more generally useful.

@bradfitz bradfitz added this to the Go1.8Maybe milestone May 16, 2016

@bradfitz bradfitz commented May 16, 2016

To @agl for thoughts. (Not necessarily for implementation)

@danp danp commented Jun 30, 2016

@agl this is something I'd really like to help implement or at least see for 1.8. Any input on this and/or #15707?

I'm roughly thinking of something like tls.Config.GetClientConfig(*tls.ClientHelloInfo) (*tls.Config, error) with more info on tls.ClientHelloInfo, such as ALPN protos. Select items on the returned config would be used for the connection. This hook would be called here or so.

@agl agl commented Jul 5, 2016

It's on my desiderata list for 1.8.

@bradfitz bradfitz commented Sep 29, 2016

See #16066 for a related issue and my comment #16066 (comment) for one idea.

@quentinmit quentinmit added the NeedsFix label Oct 10, 2016

@gopherbot gopherbot commented Oct 16, 2016

CL https://golang.org/cl/30790 mentions this issue.

@gopherbot gopherbot closed this in cff3e75 Oct 18, 2016
@golang golang locked and limited conversation to collaborators Oct 18, 2017
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
GetConfigForClient allows the tls.Config to be updated on a per-client
basis.

Fixes golang#16066.
Fixes golang#15707.
Fixes golang#15699.

Change-Id: I2c675a443d557f969441226729f98502b38901ea
Reviewed-on: https://go-review.googlesource.com/30790
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
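
An added illustration, not code from the Go project or from this thread: the `GetConfigForClient` hook named in the commit message, used for the original request of withholding "h2" for selected server names. The host name `legacy.example.test`, the policy map and the helper names are assumptions made for the example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// noH2Hosts is a constructed policy: server names that must not be offered "h2".
var noH2Hosts = map[string]bool{"legacy.example.test": true}

// perHostALPN returns a GetConfigForClient hook. The hook runs for every
// ClientHello; ServerName is "" when the client sent no SNI.
func perHostALPN(base *tls.Config) func(*tls.ClientHelloInfo) (*tls.Config, error) {
	return func(hello *tls.ClientHelloInfo) (*tls.Config, error) {
		// Host names are case-insensitive, so normalise before the lookup.
		if !noH2Hosts[strings.ToLower(hello.ServerName)] {
			return nil, nil // nil Config: the original Config stays in use
		}
		// The returned Config handles this connection, so start from a
		// clone to keep certificates, MinVersion and the other base settings.
		cfg := base.Clone()
		cfg.NextProtos = nil
		for _, p := range base.NextProtos {
			if p != "h2" {
				cfg.NextProtos = append(cfg.NextProtos, p)
			}
		}
		return cfg, nil
	}
}

// newServerConfig builds a base config (certificates omitted) and wires in the hook.
func newServerConfig() *tls.Config {
	base := &tls.Config{MinVersion: tls.VersionTLS12, NextProtos: []string{"h2", "http/1.1"}}
	base.GetConfigForClient = perHostALPN(base)
	return base
}

func main() {
	cfg := newServerConfig()
	for _, sni := range []string{"www.example.test", "Legacy.Example.Test", ""} {
		c, _ := cfg.GetConfigForClient(&tls.ClientHelloInfo{ServerName: sni})
		if c == nil {
			c = cfg
		}
		fmt.Printf("%q -> %v\n", sni, c.NextProtos)
	}
}
```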