New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: remove NPN support #28362
Comments
Do the Chrome ULA or Firefox Telemetry dashboards have data on whether NPN or ALPN was used to initiate HTTP/2? Actually, now I forget the protocol details enough to know whether the client side can even detect whether the server used one vs the other in its decision making process. Looking at https://telemetry.mozilla.org/dashboard-generator/index.html and adding SPDY_NPN_CONNECT (if that's the right number) + "Add to Dashboard" + "Generate Dashboard" it says 33.12%. Does that mean one third of HTTP/2 is over NPN instead of ALPN? If so, sounds like we shouldn't remove it yet. /cc @agl too |
I wonder what As a server, our internal data suggests that NPN is very nearly ready to remove. The only exceptions are some gRPC clients using old versions of OpenSSL. (gRPC clients, unlike HTTP clients, are dead in the water if they don't get HTTP/2.) As a client, I don't have great data off-hand, but I would expect that it would be fine to remove. |
On the client, Firefox and Chrome removed NPN in April 2017, and April 2016, respectively, so presumably metrics from both are zero at this point. :-) I can only assume |
Also gone from Edge/IE on Windows 10 it seems. |
Change https://golang.org/cl/174329 mentions this issue: |
Change https://golang.org/cl/201202 mentions this issue: |
We now only support ALPN. Updates #28362 Change-Id: I8d9461c7a91315ee92e712448d0bf5c4070d09ae Reviewed-on: https://go-review.googlesource.com/c/go/+/201202 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Bryan C. Mills <bcmills@google.com> Reviewed-by: Bryan C. Mills <bcmills@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
was it fair to remove NPN that soon, @FiloSottile? |
That ship has sailed (in Go 1.14). We found no data to suggest it was still in wide use. |
NPN, the Next Protocol Negotiation extension, is specified by a draft expired 6 years ago and has been replaced by ALPN, which we also support. We should look at the NPN usage in the ecosystem and remove support for it.
The text was updated successfully, but these errors were encountered: