Re: [hybi] thewebsocketprotocol #4 (new): handshake does not work properly with HTTP reverse proxy.
"hybi issue tracker" <trac@tools.ietf.org> Sun, 17 October 2010 23:12 UTC
#4: handshake does not work properly with HTTP reverse proxy.

Comment(by gregw@…):

 A fix for this issue was proposed and discussed in the thread
 http://www.ietf.org/mail-archive/web/hybi/current/msg04148.html

 Specifically that:

  * The unframed random bytes should not be sent by the client after the
    upgrade request. Instead all the random bytes that represent a
    client-generated nonce should be sent as hex encoded header values in
    the upgrade request.
  * The server should receive and handle the upgrade request entirely as an
    HTTP request. If the connection is acceptable, then a 101 response
    should be sent.
  * Immediately following the 101 response, the server must send a PING ws
    frame (alternately a new HELLO frame), that contains a hash of the
    client nonce plus a newly generated server nonce. The server will start
    a timeout waiting for a response.
  * The server may start sending WS frames after the PING, but must do so
    with knowledge that the handshake is not complete and the client may
    still reject it.
  * The client will receive the 101 response.
  * The client will receive the PING WS frame (or HELLO) and will check the
    value of the hashed client nonce.
  * The client will send a PONG response (or HELLO) containing a hash of
    the server nonce.
  * The client will call the onopen function of the related websocket API.
    The client may now send and receive WS frames.
  * The server will receive the PONG (or HELLO) response and will check the
    hashed server nonce in that frame.
  * The server will notify its local application that the handshake has
    completed.

 There were some objections to this proposal, but mostly focused on
 security issues. The result of the discussion around these objections is
 that a CONNECT based handshake may be proposed, plus further advocacy of
 TLS/NPN approaches.

 The proposed changes to the upgrade handshake were further discussed in
 http://www.ietf.org/mail-archive/web/hybi/current/msg04401.html

 Proposed diffs will be coming next.
-- 
-------------------------------------------+--------------------------------
 Reporter:  salvatore.loreto@…             |       Owner:
     Type:  defect                         |      Status:  new
 Priority:  critical                       |   Milestone:
Component:  thewebsocketprotocol           |     Version:
 Severity:  Active WG Document             |    Keywords:
-------------------------------------------+--------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/hybi/trac/ticket/4#comment:5>
hybi <http://tools.ietf.org/hybi/>
The Hypertext-Bidirectional (HyBi) working group will seek standardization
of one approach to maintain bidirectional communications between the HTTP
client, server and intermediate entities, which will provide more
efficiency compared to the current use of hanging requests.
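
The exchange proposed in the comment above, sketched as an added example that is not part of the original message or of any WebSocket draft. The hash (SHA-256), the 16-byte nonce length, the header name `Sec-WebSocket-Nonce` and the PING payload layout (hash of the client nonce followed by the raw server nonce) are assumptions; the proposal fixes none of them, and the server's timeout is not modelled.

```python
import hashlib, hmac, os, string

# Assumptions, not fixed by the proposal: SHA-256 as the hash, 16-byte nonces,
# the header name below, and a PING payload of hash(client nonce) || server nonce.
NONCE_HEADER = "Sec-WebSocket-Nonce"  # hypothetical header name
NONCE_LEN = 16
HASH_LEN = hashlib.sha256().digest_size

def h(data):
    return hashlib.sha256(data).digest()

class Client:
    def __init__(self):
        self.nonce = os.urandom(NONCE_LEN)
        self.opened = False  # stands in for the API's onopen callback

    def upgrade_headers(self):
        # The nonce travels hex encoded in a header, never as unframed bytes.
        return {"Upgrade": "WebSocket", NONCE_HEADER: self.nonce.hex()}

    def on_ping(self, payload):
        """Return the PONG payload, or None if the hashed client nonce is wrong."""
        proof, server_nonce = payload[:HASH_LEN], payload[HASH_LEN:]
        if len(server_nonce) != NONCE_LEN or not hmac.compare_digest(proof, h(self.nonce)):
            return None
        self.opened = True
        return h(server_nonce)

class Server:
    def __init__(self):
        self.nonce = os.urandom(NONCE_LEN)

    def on_upgrade(self, headers):
        """Handle the upgrade purely as HTTP; return (status, PING payload)."""
        raw = headers.get(NONCE_HEADER, "")
        if len(raw) != 2 * NONCE_LEN or any(c not in string.hexdigits for c in raw):
            return 400, None
        return 101, h(bytes.fromhex(raw)) + self.nonce

    def on_pong(self, payload):
        return hmac.compare_digest(payload, h(self.nonce))

def run_handshake(stale_ping=False):
    """Return (client opened, server saw a valid PONG) for one handshake."""
    client, server = Client(), Server()
    status, ping = server.on_upgrade(client.upgrade_headers())
    if stale_ping:  # constructed case: a PING answering some other client's nonce
        _, ping = Server().on_upgrade(Client().upgrade_headers())
    pong = client.on_ping(ping) if status == 101 else None
    return client.opened, pong is not None and server.on_pong(pong)
```

`run_handshake(stale_ping=True)` models a 101 response and PING that do not correspond to this client's upgrade request: the client never fires onopen and the server never sees a valid PONG.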