crypto/tls: Connection reset with TLS server (only on 1.1 / tip) and firefox #5445
IMHO this is a bug in filegive, not Go. In your NewHttpsListener, where you construct your own TLS listener, you're not setting the NextProtos field of the tls.Config struct. If you check how http.ListenAndServeTLS works, you'll see that you want to set this to []string{"http/1.1"}, and if you do that, it indeed works.
I can't reproduce (although I have Firefox 21 here). I'm just running this code:

```go
package main

import (
	"net/http"
)

func main() {
	if err := http.ListenAndServeTLS(":8080", "cert.pem", "key.pem", nil); err != nil {
		panic(err)
	}
}
```

Where the key pair is from:

```
% openssl genrsa 1024 > key.pem
% openssl req -new -x509 -key key.pem -out cert.pem -days 1095
```
http.ListenAndServeTLS will work just fine, because it sets the TLS listener's NextProtos field explicitly. What the original code does is manually construct a TLS listener. I reduced the original, rather long program to this single file that demonstrates the issue: http://play.golang.org/p/qLahG6ZWn7
Thanks for that. This is a little bit of a Go issue, but mostly a Firefox issue. Go shouldn't be sending an empty NPN extension when NextProtos is nil, but that's not a big deal. The real problem is that, in the event of a mismatch, Firefox is defaulting to sending a NextProtocol of spdy/3, but actually talking HTTP/1.1! I've made a note and will chase up the FF folks on Monday. I'll also fix the Go issue and that should solve it too.

Labels changed: added priority-soon, go1.1.1, packagebug, removed priority-triage.
Owner changed to @agl.
Status changed to Accepted.
This issue was closed by revision 8590e1b.
Status changed to Fixed.
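The setup discussed in the thread, a hand-built TLS listener passed to net/http, as an added example that is not part of the original thread or of the Go project's code. It assumes a current Go toolchain, where NextProtos is negotiated through ALPN rather than NPN; `negotiated` and `check` are hypothetical helper names, and the certificate is throwaway test data generated in memory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// negotiated serves net/http over a hand-built TLS listener (throwaway test
// certificate) and returns the protocol agreed with a client offering h2 and http/1.1.
func negotiated(serverProtos []string) string {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	inner, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	ln := tls.NewListener(inner, &tls.Config{Certificates: []tls.Certificate{cert},
		NextProtos: serverProtos}) // NextProtos is the field the thread is about
	defer ln.Close()
	go http.Serve(ln, http.NotFoundHandler())
	conn, err := tls.Dial("tcp", inner.Addr().String(), &tls.Config{
		InsecureSkipVerify: true, // test only: the certificate is self-signed
		NextProtos:         []string{"h2", "http/1.1"},
	})
	check(err)
	defer conn.Close()
	return conn.ConnectionState().NegotiatedProtocol
}

func main() {
	fmt.Printf("unset: %q, http/1.1: %q\n", negotiated(nil), negotiated([]string{"http/1.1"}))
}
```

An empty result means the two sides agreed on no application protocol; setting NextProtos to []string{"http/1.1"} on the listener makes the agreement explicit.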
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
This isn't clearly a bug on Go's part, but it triggers a bug in Firefox which means that crypto/tls and net/http cannot be wired up together unless NextProtos includes "http/1.1". When net/http sets up the tls.Config, it does this and so works fine. But anyone setting up the tls.Config themselves will hit the Firefox bug.

Fixes golang#5445.

R=golang-dev, bradfitz, r
CC=golang-dev
https://golang.org/cl/9539045
This issue was closed.
by viriketo: