This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 5c0b0399d1 Disable h2 prior knowledge on tls (#11881)
5c0b0399d1 is described below
commit 5c0b0399d14d17885c295906136aa023f1fc4a0a
Author: Masakazu Kitajo <[email protected]>
AuthorDate: Wed Jan 22 16:32:50 2025 -0700
Disable h2 prior knowledge on tls (#11881)
* Don't allow using HTTP/2 prior knowledge on TLS connections
* Update debug log message
* Use ALPN on autest tls_0rtt_server
* Add a comment
---
src/proxy/ProtocolProbeSessionAccept.cc | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/proxy/ProtocolProbeSessionAccept.cc
b/src/proxy/ProtocolProbeSessionAccept.cc
index 66fe9f624f..8b974d2f08 100644
--- a/src/proxy/ProtocolProbeSessionAccept.cc
+++ b/src/proxy/ProtocolProbeSessionAccept.cc
@@ -136,7 +136,13 @@ struct ProtocolProbeTrampoline : public Continuation,
public ProtocolProbeSessio
} // end of Proxy Protocol processing
if (proto_is_http2(reader)) {
- key = PROTO_HTTP2;
+ if (netvc->get_service<TLSBasicSupport>() == nullptr) {
+ key = PROTO_HTTP2;
+ } else {
+ // RFC 9113 Section 3.3: Prior knowledge is only permissible for
HTTP/2 over plaintext (non-TLS) connections.
+ Dbg(dbg_ctl_http, "HTTP/2 prior knowledge was used on a TLS connection
(protocol violation). Selecting HTTP/1 instead.");
+ key = PROTO_HTTP;
+ }
} else {
key = PROTO_HTTP;
}
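Review bot: The new `else` branch records the rejected prior-knowledge attempt only through `Dbg(dbg_ctl_http, ...)`, so a production instance without that debug tag enabled shows no sign that a client sent the HTTP/2 preface over TLS without ALPN. Since the message itself calls this a protocol violation, a counter or a throttled warning would make it visible to operators, e.g. `Warning("HTTP/2 prior knowledge on a TLS connection; handling as HTTP/1");` behind whatever rate limiting the project applies to client-triggered logs. The branch also selects `PROTO_HTTP` with the preface bytes presumably still in `reader`, so a test asserting that the HTTP/1 path answers with an error or closes the connection would pin the intended outcome. The enclosing function starts and ends outside the hunk.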