-
Notifications
You must be signed in to change notification settings - Fork 17.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: enforcing ALPN breaks HTTP/1.1 fallbacks on misconfigured servers #46310
Comments
It looks like even x/net/http2 is doing this wrong so we might need to just hardcode an exception such that if |
Change https://golang.org/cl/325611 mentions this issue: |
Change https://golang.org/cl/325432 mentions this issue: |
With CL 289209, we started enforcing ALPN protocol overlap when both sides support ALPN. This means that an "http/1.1"-only ALPN-aware client will fail to connect to a server with only "h2" in NextProtos. Unfortunately, that's how ConfigureServer was setting up the tls.Config. The new behavior mirrors ConfigureTransport on the client side (but not Transport.newTLSConfig because the latter is used to make HTTP/2-only connections). Updates golang/go#46310 Change-Id: Idbab7a6f873f3be78104df6f2908895f4d399bd3 Reviewed-on: https://go-review.googlesource.com/c/net/+/325611 Trust: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>
This broke us and has been preventing us from upgrade http://github.com/istio/istio to golang 1.17. Our expectation is that we can have a server that will serve any explicitly configured ALPNs with that config (ie dc00dc6 was an insufficient fix for us; we do not have A few alternatives we have tried:
Is there any viable workarounds? Right now we are stuck. |
With CL 289209, we started enforcing ALPN protocol overlap when both sides support ALPN. This means that an "http/1.1"-only ALPN-aware client will fail to connect to a server with only "h2" in NextProtos. Unfortunately, that's how ConfigureServer was setting up the tls.Config. The new behavior mirrors ConfigureTransport on the client side (but not Transport.newTLSConfig because the latter is used to make HTTP/2-only connections). Updates golang/go#46310 Change-Id: Idbab7a6f873f3be78104df6f2908895f4d399bd3 Reviewed-on: https://go-review.googlesource.com/c/net/+/325611 Trust: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>
In 90d6bbb we fixed crypto/tls to require a successful ALPN negotiation if both sides support it. That is, if a client sends an ALPN extension, and the server has configured
NextProtos
, we reject the connection if there is no overlap between client and server protocols.This is what the spec requires, and has a security benefit, because it protects against cross-protocol attacks.
However, it's also kind of surprising, because if a client doesn't support ALPN it will never have its connection rejected.
Moreover, we used not to enforce this, so there is a risk that servers configured a partial
NextProtos
list, expecting other protocols to just fallback to not negotiating ALPN.In particular, we have anecdotal evidence of servers with
NextProtos: []string{"h2"}
that expect a client that tries to negotiatehttp/1.1
to fallback successfully. These servers will break in Go 1.17.I searched all code on the Modules Mirror for
NextProtos
uses, and it looks like this is the only case in which a fallback seems to be expected.Some of them are from gRPC, which as far as I know legitimately requires HTTP/2, so for those all is well.
Some though look like they might unintentionally break. We should figure out how common this is, weight it against the security benefit, and maybe proactively reach out.
We should also make sure the HTTP/2 docs in Go have correct examples that include
http/1.1
./cc @golang/security
The text was updated successfully, but these errors were encountered: