crypto/tls: remove NPN support #28362

FiloSottile · 2018-10-24T15:40:48Z

NPN, the Next Protocol Negotiation extension, is specified by a draft expired 6 years ago and has been replaced by ALPN, which we also support. We should look at the NPN usage in the ecosystem and remove support for it.

bradfitz · 2018-10-24T18:59:33Z

Do the Chrome ULA or Firefox Telemetry dashboards have data on whether NPN or ALPN was used to initiate HTTP/2?

Actually, now I forget the protocol details enough to know whether the client side can even detect whether the server used one vs the other in its decision making process.

Looking at https://telemetry.mozilla.org/dashboard-generator/index.html and adding SPDY_NPN_CONNECT (if that's the right number) + "Add to Dashboard" + "Generate Dashboard" it says 33.12%. Does that mean one third of HTTP/2 is over NPN instead of ALPN? If so, sounds like we shouldn't remove it yet.

/cc @agl too

agl · 2018-10-27T16:54:57Z

I wonder what SPDY_NPN_CONNECT actually means, given that there's no ALPN version of the same.

As a server, our internal data suggests that NPN is very nearly ready to remove. The only exceptions are some gRPC clients using old versions of OpenSSL. (gRPC clients, unlike HTTP clients, are dead in the water if they don't get HTTP/2.)

As a client, I don't have great data off-hand, but I would expect that it would be fine to remove.

davidben · 2018-11-25T05:31:14Z

On the client, Firefox and Chrome removed NPN in April 2017, and April 2016, respectively, so presumably metrics from both are zero at this point. :-) I can only assume SPDY_NPN_CONNECT does not actually imply NPN.

davidben · 2018-11-25T06:00:38Z

Also gone from Edge/IE on Windows 10 it seems.

gopherbot · 2019-04-29T22:05:54Z

Change https://golang.org/cl/174329 mentions this issue: crypto/tls: remove NPN support

gopherbot · 2019-10-15T17:50:21Z

Change https://golang.org/cl/201202 mentions this issue: net/http: remove references to old NPN support

We now only support ALPN. Updates #28362 Change-Id: I8d9461c7a91315ee92e712448d0bf5c4070d09ae Reviewed-on: https://go-review.googlesource.com/c/go/+/201202 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Bryan C. Mills <bcmills@google.com> Reviewed-by: Bryan C. Mills <bcmills@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>

hellt · 2020-05-16T00:36:50Z

was it fair to remove NPN that soon, @FiloSottile?
Some (many) spdy->http2 server still not yet transitioned to ALPN and offering NPN only

bradfitz · 2020-05-16T00:42:45Z

That ship has sailed (in Go 1.14). We found no data to suggest it was still in wide use.

FiloSottile added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Oct 24, 2018

FiloSottile added this to the Go1.12 milestone Oct 24, 2018

FiloSottile self-assigned this Oct 24, 2018

andybons modified the milestones: Go1.12, Go1.13 Feb 12, 2019

andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019

gopherbot closed this as completed in 0fb95e7 Oct 4, 2019

golang locked and limited conversation to collaborators May 16, 2021

gopherbot added the FrozenDueToAge label May 16, 2021

rsc unassigned FiloSottile Jun 23, 2022

crypto/tls: remove NPN support #28362

crypto/tls: remove NPN support #28362

FiloSottile commented Oct 24, 2018

bradfitz commented Oct 24, 2018

agl commented Oct 27, 2018

davidben commented Nov 25, 2018

davidben commented Nov 25, 2018

gopherbot commented Apr 29, 2019

gopherbot commented Oct 15, 2019

hellt commented May 16, 2020

bradfitz commented May 16, 2020

crypto/tls: remove NPN support #28362

crypto/tls: remove NPN support #28362

Comments

FiloSottile commented Oct 24, 2018

bradfitz commented Oct 24, 2018

agl commented Oct 27, 2018

davidben commented Nov 25, 2018

davidben commented Nov 25, 2018

gopherbot commented Apr 29, 2019

gopherbot commented Oct 15, 2019

hellt commented May 16, 2020

bradfitz commented May 16, 2020