net/http: logic error in http2ConfigureServer? #28929

Open
pxing-china opened this issue Nov 23, 2018 · 2 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
@pxing-china

pxing-china commented Nov 23, 2018

Reported against tip, 649b893

} else if sawBad {

The logic of this line is in error (ValidCipher, BadCipher, BadCipher will go through); it should be

if http2isBadCipher(cs) {
    sawBad = true
} 
if sawBad {
    return fmt.Errorf("http2: TLSConfig.CipherSuites index %d contains an HTTP/2-approved cipher suite (%#04x), but it comes after unapproved cipher suites. With this configuration, clients that don't support previous, approved cipher suites may be given an unapproved one and reject the connection.", i, cs)
}
@myitcv myitcv changed the title The sawBad logic is error net/http: logic error in http2ConfigureServer? Nov 23, 2018
@myitcv
Member

myitcv commented Nov 23, 2018

cc @bradfitz

@fraenkel
Contributor

@pxing-china I think you misunderstood the check.
It wants to prevent BadCipher, ValidCipher. Given this order, the bad cipher will cause the connection to be rejected before trying the valid cipher. BadCiphers after ValidCiphers are fine because at least you tried all the valid ones first.

@andybons andybons added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Nov 26, 2018
@andybons andybons added this to the Unplanned milestone Nov 26, 2018
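
The `else if sawBad` loop quoted in the report and the two-`if` rewrite it proposes, run side by side on constructed cipher lists. This is an added example, not code from the thread or from net/http; `isBad`, `elseIfCheck`, `proposedCheck` and the sample lists are hypothetical names, and `isBad` is a two-entry stand-in for `http2isBadCipher`.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// isBad is a hypothetical stand-in for http2isBadCipher: a constructed
// two-entry set, not the full list net/http uses.
func isBad(cs uint16) bool {
	return cs == tls.TLS_RSA_WITH_AES_128_CBC_SHA || cs == tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA
}

// elseIfCheck mirrors the quoted `} else if sawBad {` form. It returns the
// index of the first approved suite listed after an unapproved one, or -1.
func elseIfCheck(suites []uint16) int {
	sawBad := false
	for i, cs := range suites {
		if isBad(cs) {
			sawBad = true
		} else if sawBad {
			return i
		}
	}
	return -1
}

// proposedCheck mirrors the two-if rewrite; returns the first flagged index, or -1.
func proposedCheck(suites []uint16) int {
	sawBad := false
	for i, cs := range suites {
		if isBad(cs) {
			sawBad = true
		}
		if sawBad {
			return i
		}
	}
	return -1
}

// Constructed sample orderings (good = an approved suite).
const good = tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
var validBadBad = []uint16{good, tls.TLS_RSA_WITH_AES_128_CBC_SHA, tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA}
var badValid = []uint16{tls.TLS_RSA_WITH_AES_128_CBC_SHA, good}

func main() {
	fmt.Println(elseIfCheck(validBadBad), proposedCheck(validBadBad), elseIfCheck(badValid), proposedCheck(badValid))
}
```

On these lists the `else if` form accepts Valid, Bad, Bad and flags Bad, Valid at index 1, while the two-`if` form returns at the first unapproved suite in both lists.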