JBoss Core Services / JBCS-226

Some clients might have problems with mod_h2-1.5.11: Received bad client magic byte string


    • Bug
    • Resolution: Done
    • Major
    • httpd 2.4.23 ER4
    • httpd 2.4.23 ER4
    • httpd
    • None
    • ER4

      Configuration

      httpd 2.4.23 ER4 configured with

      Listen 192.168.122.204:3443
      
      AddType application/x-x509-ca-cert .crt
      AddType application/x-pkcs7-crl    .crl
      
      SSLPassPhraseDialog exec:/opt/2.4.23-ER4.0/jbcs-httpd24-2.4/httpd/sbin/httpd-ssl-pass-dialog
      SSLSessionCache         shmcb:/opt/2.4.23-ER4.0/jbcs-httpd24-2.4/httpd/run/sslcache(512000)
      SSLSessionCacheTimeout  300
      
      Mutex default
      SSLRandomSeed startup file:/dev/urandom  256
      SSLRandomSeed connect builtin
      SSLCryptoDevice builtin
      
      LoadModule http2_module modules/mod_http2.so
      
      <VirtualHost _default_:3443>
          ErrorLog logs/ssl_error_log
          TransferLog logs/ssl_access_log
          LogLevel debug
      
          SSLEngine on
      
          SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
          SSLProtocol All -SSLv2 -SSLv3
      
          SSLCertificateFile /opt/2.4.23-ER4.0/jbcs-httpd24-2.4/httpd/lib/openssl/certs/localhost.crt
      
          SSLCertificateKeyFile /opt/2.4.23-ER4.0/jbcs-httpd24-2.4/httpd/lib/openssl/certs/localhost.key
      
          <Files ~ "\.(cgi|shtml|phtml|php3?)$">
              SSLOptions +StdEnvVars
          </Files>
          <Directory "/opt/rh/jbcs-httpd24/root/opt/2.4.23-ER4.0/jbcs-httpd24-2.4/httpd/www/cgi-bin">
              SSLOptions +StdEnvVars
          </Directory>
      
          BrowserMatch "MSIE [2-5]" \
               nokeepalive ssl-unclean-shutdown \
               downgrade-1.0 force-response-1.0
      
          CustomLog logs/ssl_request_log \
                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
      
          <IfModule http2_module>
              Protocols h2 http/1.1
          </IfModule>
      
      </VirtualHost>
      

      Problem

      While some clients seem to work correctly, e.g. Google Chrome and nghttp2:

      karm@box:~/nghttp2 (master=)$ h2load -n100000 -c100 -m100 https://192.168.122.204:3443
      starting benchmark...
      spawning thread #0: 100 total client(s). 100000 total requests
      TLS Protocol: TLSv1.2
      Cipher: ECDHE-RSA-AES128-GCM-SHA256
      Server Temp Key: ECDH P-256 256 bits
      Application protocol: h2
      finished in 12.16s, 7816.91 req/s, 384.46KB/s
      requests: 100000 total, 96870 started, 100000 done, 95026 succeeded, 4974 failed, 4974 errored, 0 timeout
      status codes: 95026 2xx, 0 3xx, 0 4xx, 0 5xx
      

      Go clients have a problem with our mod_h2 1.5.11; see the discussion on the topic. It is supposedly fixed in mod_h2 1.5.12.

      h2_session.c(1806): [client 192.168.122.1:41455] AH03402: h2_session(2): proto error -> shutdown
      h2_session.c(655): [client 192.168.122.1:41455] AH03068: h2_session(2): sent FRAME[GOAWAY[error=-903, reason='Received bad client magic byte string', last_stream=0]], frames=0/2 (r/s)
      

      Solution

      • find a configuration workaround (server side or client side)
      • patch our httpd 2.4.23 with 2.4.x upstream patch
      • wait for the next release

              mbabacek1@redhat.com Karm Karm
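
The GOAWAY reason in the log above refers to the 24-octet client connection preface from RFC 7540, section 3.5, which must be followed by a SETTINGS frame. The following Go sketch is an added example, not code from this issue, mod_h2 or nghttp2: it classifies the first bytes of a connection and treats a preface split across several reads as "need more" rather than as an error. `CheckPreface`, the `State` names and the sample chunks are constructed for illustration, and nothing here is a statement about the root cause in mod_h2 1.5.11.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// ClientPreface is the 24-octet magic every HTTP/2 client sends first (RFC 7540, section 3.5).
const ClientPreface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"

type State string // hypothetical names, chosen for this example

const (
	NeedMore      State = "need-more"       // matches so far, wait for more bytes
	PrefaceOK     State = "ok"              // magic plus a well-formed SETTINGS header
	BadMagic      State = "bad-magic"       // nghttp2 error -903 (NGHTTP2_ERR_BAD_CLIENT_MAGIC)
	BadFirstFrame State = "bad-first-frame" // magic fine, first frame is not a valid SETTINGS
)

// CheckPreface classifies all bytes received so far on a new h2 connection.
func CheckPreface(buf []byte) State {
	n := len(buf)
	if n > len(ClientPreface) {
		n = len(ClientPreface)
	}
	if !bytes.Equal(buf[:n], []byte(ClientPreface[:n])) {
		return BadMagic // a mismatch is detectable on the first wrong byte
	}
	hdr := buf[n:]
	if n < len(ClientPreface) || len(hdr) < 9 {
		return NeedMore // a short read is not an error by itself
	}
	// Frame header: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id.
	length := uint32(hdr[0])<<16 | uint32(hdr[1])<<8 | uint32(hdr[2])
	streamID := binary.BigEndian.Uint32(hdr[5:9]) & 0x7fffffff
	if hdr[3] != 0x4 || streamID != 0 || length%6 != 0 {
		return BadFirstFrame
	}
	return PrefaceOK
}

func main() {
	// Constructed input: the preface and an empty SETTINGS frame arriving in three reads.
	settings := []byte{0, 0, 0, 0x4, 0, 0, 0, 0, 0}
	chunks := [][]byte{[]byte("PRI * HTTP/2.0\r\n"), []byte("\r\nSM\r\n\r\n"), settings}
	var buf []byte
	for _, c := range chunks {
		buf = append(buf, c...)
		fmt.Printf("%2d bytes: %s\n", len(buf), CheckPreface(buf))
	}
	fmt.Println("HTTP/1.1 request:", CheckPreface([]byte("GET / HTTP/1.1\r\n")))
}
```

Run against the decrypted first bytes of a failing connection, a `bad-magic` result points at the client or an intermediary, while `ok` points back at how the server reads the preface.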