Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/net/http2: Required ciphers error message is confusing #34776

Closed
scottmmjackson opened this issue Oct 8, 2019 · 3 comments
Closed

x/net/http2: Required ciphers error message is confusing #34776

scottmmjackson opened this issue Oct 8, 2019 · 3 comments
Assignees
Milestone

Comments

@scottmmjackson
Copy link

@scottmmjackson scottmmjackson commented Oct 8, 2019

What version of Go are you using (go version)?

$ go version
go version go1.12.10 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/root/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build134947043=/tmp/go-build -gno-record-gcc-switches"

What did you do?

In cipher customization code, included TLS_AES_128_GCM_SHA256 in CipherSuites member to a tls.Config struct, which was subsequently passed to http.Server and ListenAndServeTLS()

What did you expect to see?

Proper startup

What did you see instead?

http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher.

What the test actually wants is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. I imagine that prior to the introduction of TLS_AES_128_GCM_SHA256 this error message was less ambiguous. However, it is now misleading.

@andybons

This comment has been minimized.

Copy link
Member

@andybons andybons commented Oct 10, 2019

@andybons andybons added this to the Unplanned milestone Oct 10, 2019
@bradfitz bradfitz self-assigned this Oct 10, 2019
@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Oct 10, 2019

Change https://golang.org/cl/200317 mentions this issue: http2: make CipherSuites validation error more verbose

@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Nov 27, 2019

Change https://golang.org/cl/209077 mentions this issue: net/http: update bundled x/net/http2

gopherbot pushed a commit that referenced this issue Nov 27, 2019
Updates bundled http2 to x/net git rev ef20fe5d7 for:

   http2: make Transport.IdleConnTimeout consider wall (not monotonic) time
   https://golang.org/cl/208798 (#29308)

   http2: make CipherSuites validation error more verbose
   https://golang.org/cl/200317 (#34776)

   http2: track unread bytes when the pipe is broken
   https://golang.org/cl/187377 (#28634)

   http2: split cookie pair into separate hpack header fields
   https://golang.org/cl/155657 (#29386)

Fixes #29308
Fixes #28634

Change-Id: I71a03ca62ccb5ff35a5cfadd8dc705a4491ae7ea
Reviewed-on: https://go-review.googlesource.com/c/go/+/209077
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.