Skip to content

TLS does not enforce ALPN protocol  #434

New issue
New issue
Open
#7184
Open
TLS does not enforce ALPN protocol #434
#7184
Assignees
arjan-bal
Labels
Area: TransportIncludes HTTP/2 client/server and HTTP server handler transports and advanced transport features.P2Type: Bug
@carl-mastrangelo

Description

@carl-mastrangelo
carl-mastrangelo
opened on Nov 6, 2015

According to https://tools.ietf.org/html/rfc7540#section-3.3 connections over TLS use the "h2" application protocol identifier. Attempting to use another protocol identifier, such as "h2c", should fail the connection. Currently, the Grpc go server accepts using this invalid identifier when establishing a TLS connection.

Here is the test that fails:

https://github.com/grpc/grpc/blob/master/tools/http2_interop/http2interop.go#L235

Metadata

Metadata

Assignees

Labels

Area: TransportIncludes HTTP/2 client/server and HTTP server handler transports and advanced transport features.P2Type: Bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions