feat(s2n-tls-hyper): Add support for negotiating HTTP/2 #4924
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
goatgoose
force-pushed
the
hyper-http2
branch
3 times, most recently
from
8bd2b37 to
552530e
Compare
goatgoose
commented
Nov 21, 2024
goatgoose
force-pushed
the
hyper-http2
branch
2 times, most recently
from
9139ddf to
fcf21c3
Compare
goatgoose
force-pushed
the
hyper-http2
branch
from
fcf21c3 to
e87a725
Compare
lrstewart
reviewed
Nov 21, 2024
goatgoose
force-pushed
the
hyper-http2
branch
2 times, most recently
from
8ec55f2 to
65aeac2
Compare
goatgoose
force-pushed
the
hyper-http2
branch
from
65aeac2 to
0220444
Compare
lrstewart
reviewed
Nov 22, 2024
jmayclin
reviewed
Nov 26, 2024
goatgoose
commented
Dec 3, 2024
| match conn.application_protocol() { | ||
| // Inform hyper that HTTP/2 was negotiated in the ALPN. | ||
| Some(b"h2") => connected.negotiated_h2(), | ||
| _ => connected, |
There was a problem hiding this comment.
Ideally we could assert that the negotiated application protocol was something we expected here. However, we can't return an error since this function doesn't return an error. We could panic, however misbehaved servers could technically return whatever ALPN value they want, whether or not the client attempted to negotiate it. So panicking here seems wrong, since it's outside of the user's control. It seemed better to just attempt HTTP/1 if an unexpected protocol was negotiated.
goatgoose
force-pushed
the
hyper-http2
branch
from
ce94adf to
a90e03a
Compare
lrstewart
approved these changes
Dec 4, 2024
Comment on lines
+133
to
+136
| // https://datatracker.ietf.org/doc/html/rfc7301#section-3.2 | ||
| // In the event that the server supports no | ||
| // protocols that the client advertises, then the server SHALL respond | ||
| // with a fatal "no_application_protocol" alert. |
jmayclin
approved these changes
Dec 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
Currently s2n-tls-hyper can only negotiate HTTP/1. This PR adds support for HTTP/2.
HTTP/2 is negotiated at the TLS level, via the ALPN extension. After the hyper client completes the TLS handshake, the negotiated ALPN value is checked. If HTTP/2 was negotiated, HTTP/2 is enabled in hyper by updating the returned
Connectedstruct.Call-outs:
I currently attempt to always negotiate HTTP/2 by just always sending HTTP/2 in the ALPN. This means that ALPN values manually set on the config will be ignored. I think this is fine though, since it seems like s2n-tls-hyper should be the one deciding which ALPN values to send. We can also later add a way to configure the ALPN in s2n-tls-hyper, if we need a way to opt-out of HTTP/2 or something.
Testing:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.