Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/net/http2: Required ciphers error message is confusing #34776

Closed
scottmmjackson opened this issue Oct 8, 2019 · 3 comments
Closed

x/net/http2: Required ciphers error message is confusing #34776

scottmmjackson opened this issue Oct 8, 2019 · 3 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unplanned

Comments

@scottmmjackson
Copy link

What version of Go are you using (go version)?

$ go version
go version go1.12.10 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/root/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build134947043=/tmp/go-build -gno-record-gcc-switches"

What did you do?

In cipher customization code, included TLS_AES_128_GCM_SHA256 in CipherSuites member to a tls.Config struct, which was subsequently passed to http.Server and ListenAndServeTLS()

What did you expect to see?

Proper startup

What did you see instead?

http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher.

What the test actually wants is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. I imagine that prior to the introduction of TLS_AES_128_GCM_SHA256 this error message was less ambiguous. However, it is now misleading.
@andybons
Copy link
Member

@FiloSottile @bradfitz

@andybons andybons added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Oct 10, 2019
@andybons andybons added this to the Unplanned milestone Oct 10, 2019
@bradfitz bradfitz self-assigned this Oct 10, 2019
@gopherbot
Copy link
Contributor

Change https://golang.org/cl/200317 mentions this issue: http2: make CipherSuites validation error more verbose

@gopherbot
Copy link
Contributor

Change https://golang.org/cl/209077 mentions this issue: net/http: update bundled x/net/http2

gopherbot pushed a commit that referenced this issue Nov 27, 2019
@bradfitz
net/http: update bundled x/net/http2
22688f7 
Updates bundled http2 to x/net git rev ef20fe5d7 for:

   http2: make Transport.IdleConnTimeout consider wall (not monotonic) time
   https://golang.org/cl/208798 (#29308)

   http2: make CipherSuites validation error more verbose
   https://golang.org/cl/200317 (#34776)

   http2: track unread bytes when the pipe is broken
   https://golang.org/cl/187377 (#28634)

   http2: split cookie pair into separate hpack header fields
   https://golang.org/cl/155657 (#29386)

Fixes #29308
Fixes #28634

Change-Id: I71a03ca62ccb5ff35a5cfadd8dc705a4491ae7ea
Reviewed-on: https://go-review.googlesource.com/c/go/+/209077
Reviewed-by: Ian Lance Taylor <iant@golang.org>
@mh-cbon mh-cbon mentioned this issue Sep 12, 2020
Closed
@golang golang locked and limited conversation to collaborators Nov 26, 2020
dteh pushed a commit to dteh/fhttp that referenced this issue Jun 22, 2022
@bradfitz
http2: make CipherSuites validation error more verbose
1ca3dd6 
Fixes golang/go#34776

Change-Id: Ib76e687780781d9cc59346f722d0ea4ec033ce77
Reviewed-on: https://go-review.googlesource.com/c/net/+/200317
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unplanned
Development

No branches or pull requests
4 participants
@bradfitz @andybons @scottmmjackson @gopherbot