Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: remove NPN support #28362

Closed
FiloSottile opened this issue Oct 24, 2018 · 6 comments
Closed

crypto/tls: remove NPN support #28362

FiloSottile opened this issue Oct 24, 2018 · 6 comments
Assignees
Milestone

Comments

@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented Oct 24, 2018

NPN, the Next Protocol Negotiation extension, is specified by a draft expired 6 years ago and has been replaced by ALPN, which we also support. We should look at the NPN usage in the ecosystem and remove support for it.

@FiloSottile FiloSottile added this to the Go1.12 milestone Oct 24, 2018
@FiloSottile FiloSottile self-assigned this Oct 24, 2018
@bradfitz

This comment has been minimized.

Copy link
Member

@bradfitz bradfitz commented Oct 24, 2018

Do the Chrome ULA or Firefox Telemetry dashboards have data on whether NPN or ALPN was used to initiate HTTP/2?

Actually, now I forget the protocol details enough to know whether the client side can even detect whether the server used one vs the other in its decision making process.

Looking at https://telemetry.mozilla.org/dashboard-generator/index.html and adding SPDY_NPN_CONNECT (if that's the right number) + "Add to Dashboard" + "Generate Dashboard" it says 33.12%. Does that mean one third of HTTP/2 is over NPN instead of ALPN? If so, sounds like we shouldn't remove it yet.

/cc @agl too

@agl

This comment has been minimized.

Copy link
Contributor

@agl agl commented Oct 27, 2018

I wonder what SPDY_NPN_CONNECT actually means, given that there's no ALPN version of the same.

As a server, our internal data suggests that NPN is very nearly ready to remove. The only exceptions are some gRPC clients using old versions of OpenSSL. (gRPC clients, unlike HTTP clients, are dead in the water if they don't get HTTP/2.)

As a client, I don't have great data off-hand, but I would expect that it would be fine to remove.

@davidben

This comment has been minimized.

Copy link
Contributor

@davidben davidben commented Nov 25, 2018

On the client, Firefox and Chrome removed NPN in April 2017, and April 2016, respectively, so presumably metrics from both are zero at this point. :-) I can only assume SPDY_NPN_CONNECT does not actually imply NPN.

@davidben

This comment has been minimized.

Copy link
Contributor

@davidben davidben commented Nov 25, 2018

Also gone from Edge/IE on Windows 10 it seems.

@andybons andybons modified the milestones: Go1.12, Go1.13 Feb 12, 2019
@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Apr 29, 2019

Change https://golang.org/cl/174329 mentions this issue: crypto/tls: remove NPN support

@andybons andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019
@gopherbot gopherbot closed this in 0fb95e7 Oct 4, 2019
@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Oct 15, 2019

Change https://golang.org/cl/201202 mentions this issue: net/http: remove references to old NPN support

gopherbot pushed a commit that referenced this issue Oct 15, 2019
We now only support ALPN.

Updates #28362

Change-Id: I8d9461c7a91315ee92e712448d0bf5c4070d09ae
Reviewed-on: https://go-review.googlesource.com/c/go/+/201202
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.