Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS Routing: Align IsALPNConnUpgradeRequired check #29098

Closed
smallinsky opened this issue Jul 14, 2023 · 0 comments · Fixed by #29133
Closed

TLS Routing: Align IsALPNConnUpgradeRequired check #29098

smallinsky opened this issue Jul 14, 2023 · 0 comments · Fixed by #29133
Assignees
@greedy52
Labels
bug tls-routing Issues related to TLS routing

Comments

@smallinsky
Copy link
Contributor

What

During IsALPNConnUpgradeRequired connection check the L7 LB can select ALPN protocol unknown from the client side.

$ openssl s_client -connect teleport.example.com:443   -alpn teleport-reversetunnel
...
ALPN protocol: http/1.1
...

In the result the IsALPNConnUpgradeRequired check fails with the following error checkALPN and the whole IsALPNConnUpgradeRequired call is evaluated to false:

 ALPN connection upgrade test failed for "teleport.example.com:443": tls: server selected unadvertised ALPN protocol. client/alpn_conn_upgrade.go:83

Align the IsALPNConnUpgradeRequired function logic and handle the case where TLS Dial call returns the server selected unadvertised ALPN protocol error.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@greedy52 greedy52

Labels
bug tls-routing Issues related to TLS routing
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ALPN handshake test to account "unadvertised ALPN" error gravitational/teleport
2 participants
@greedy52 @smallinsky