Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2347

Undertow client must send either http/1.1 or both http/1.1 and h2 in SSL ClientHello handshake message

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 2.3.13.Final, 2.2.32.Final
    • None
    • Core
    • None

    Description

      When starting TLS over HTTP/1.1 the

      "application_layer_protocol_negotiation (16)": {
  [http/1.1]
}

      ALPN extension must be present in SSL ClientHello handshake message.

      When starting TLS over HTTP/1.1 with upgrade request to HTTP2 the

      "application_layer_protocol_negotiation (16)": {
  [h2, http/1.1]
}

      ALPN extension must be present in SSL ClientHello handshake message.

      In the past Undertow client was either sending no application_layer_protocol_negotiation ALPN extension when doing SSL over HTTP 1.1 or

      was sending just h2 value in application_layer_protocol_negotiation ALPN extension when doing SSL over HTTP 1.1 with HTTP2 upgrade request.

      This was causing SSL handshaking issues with servers / proxies that were configured to operate on HTTP 1.1 only because SSL protocol on client side

      was complaining when server responded with "application_layer_protocol_negotiation (16)": {
          [http/1.1]
        }

      on client handshake message that was containing just h2 value in application_layer_protocol_negotiation ALPN extension header.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-26775 [GSS](8.0.z) UNDERTOW-2347 - Undertow client must send either http/1.1 or both http/1.1 and h2 in SSL ClientHello handshake message

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-26774 (7.4.z) UNDERTOW-2347 - Undertow client must send either http/1.1 or both http/1.1 and h2 in SSL ClientHello handshake message

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Ready for QA
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. WFCORE-6794 CVE-2023-1973 Upgrade Undertow to 2.3.13.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              ropalka Richard Opalka
              ropalka Richard Opalka
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: