SNI requirement for H2
Nicholas Hurley <hurley@mozilla.com> Fri, 03 April 2015 18:42 UTC
All,

While looking at https://github.com/molnarg/node-http2/issues/69 I came to the realization that it appears we have (unintentionally) made it impossible to speak h2 when connecting directly to an IP address (as in, IP address typed into URL bar as opposed to hostname typed into URL bar) and remain compliant with both the h2 spec and RFC 6066. 6066 specifies that SNI is not to be sent for an IP literal, while h2 requires SNI. You can see the conflict.

In node-http2, we have decided to relax the SNI requirement, and still speak h2 to clients that don't give us any SNI, under the assumption that this (IP in URL bar, or equivalent) is the case we are hitting. I had also filed a bug against Firefox to stop advertising h2 in the cases where we won't send SNI, but am rethinking that idea, as it was pointed out (rightly so) that a lot of test servers never have a hostname associated with them, and not being able to talk h2 to test servers seems like a Bad Idea :)

FWIW, I checked Safari, Chrome, IE (11 on Windows 7), and Firefox. Both Safari and Chrome send SNI regardless of IP or hostname, so they will not run into this problem. IE and Firefox both send SNI only for hostnames (at least in the configurations I tested), so they will hit this problem. (Obvious caveat: non-Firefox browsers may have changed their behavior in later versions than I have access to, so of course my testing may not hold true in the future.)

I talked briefly to Martin offline, and he says we may be able to get a clarification on this point during AUTH48 to (my words, now, not his) perhaps relax this restriction, or at least make it clear that you probably don't need to require SNI in a testing situation, in order to avoid this problem.

Thoughts?
- SNI requirement for H2 Nicholas Hurley
- Re: SNI requirement for H2 Willy Tarreau
- Re: SNI requirement for H2 Roberto Peon
- Re: SNI requirement for H2 Martin Thomson
- Re: SNI requirement for H2 Willy Tarreau
- Re: SNI requirement for H2 Martin Thomson
- Re: SNI requirement for H2 Greg Wilkins