ALPN support for HTTP/2
justcoding121 opened this issue · 5 comments
I wonder if we can also do ALPN extension support by doing a small hack here. That would help us to jump start working on HTTP/2, since almost all servers use ALPN along with HTTP/2 over TLS. Currently I don't see ALPN support going to be added to SslStream anytime soon.
dotnet/corefx#4721
I haven't done much research, but in my understanding all we need to do is to add the ALPN extension in client hello and read the selected protocol from server hello extension. So if we can read server hello, then the difficulty would be inserting the ALPN extension to the client hello. Maybe it can be done by using our own insert stream (like peek stream) over the server buffered stream. So when we call AuthenticateAsClient, we will pass our insert stream to modify the client hello before sending it to server.
Again just a thought, I am not sure if there is any type of data integrity check associated with client hello. So..
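The ClientHello rewrite and ServerHello read described above, as an added Python sketch that is not code from this project: it appends an ALPN extension, fixes the three enclosing length fields, and reads the server's selection. It assumes a TLS 1.2 style hello that fits in one record; every function name and both sample messages are constructed for illustration. On the integrity question, the hello carries no checksum of its own, but the Finished messages authenticate a hash of all handshake messages, and `handshake_digest` shows that the rewrite changes those bytes.

```python
import hashlib
import struct

ALPN = 16  # extension type application_layer_protocol_negotiation (RFC 7301)

def alpn_extension(protocols):
    names = b"".join(bytes([len(p)]) + p for p in protocols)
    return struct.pack("!HHH", ALPN, len(names) + 2, len(names)) + names

def build_hello(hs_type, fields, extensions=b""):
    """Constructed sample: one TLS 1.2 record holding one hello message."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + fields  # version, random, no session_id
    body += struct.pack("!H", len(extensions)) + extensions
    msg = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(msg)) + msg

def extensions_offset(record, hs_type):
    """Offset of the 2-byte extensions length in a single-record hello."""
    if record[0] != 0x16 or record[5] != hs_type:
        raise ValueError("unexpected record or handshake type")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]          # session_id
    if hs_type == 1:                # ClientHello: suite list, compression list
        pos += 2 + struct.unpack_from("!H", record, pos)[0]
        return pos + 1 + record[pos]
    return pos + 3                  # ServerHello: one suite, one compression byte

def add_alpn(client_hello, protocols):
    """Append ALPN and rewrite the extensions, handshake and record lengths."""
    pos = extensions_offset(client_hello, 1)
    exts = client_hello[pos + 2:] + alpn_extension(protocols)
    body = client_hello[9:pos] + struct.pack("!H", len(exts)) + exts
    msg = b"\x01" + len(body).to_bytes(3, "big") + body
    return client_hello[:3] + struct.pack("!H", len(msg)) + msg

def selected_protocol(server_hello):
    """Protocol named in the ServerHello ALPN extension, or None."""
    pos = extensions_offset(server_hello, 2) + 2
    while pos + 4 <= len(server_hello):
        ext_type, ext_len = struct.unpack_from("!HH", server_hello, pos)
        if ext_type == ALPN:        # list length (2), name length (1), name
            return server_hello[pos + 7:pos + 7 + server_hello[pos + 6]]
        pos += 4 + ext_len
    return None

def handshake_digest(record):
    return hashlib.sha256(record[5:]).hexdigest()  # handshake bytes, no record header

CLIENT_HELLO = build_hello(1, b"\x00\x02\xc0\x2f\x01\x00", b"\x00\x17\x00\x00")  # constructed
SERVER_HELLO = build_hello(2, b"\xc0\x2f\x00", alpn_extension([b"h2"]))          # constructed
```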
I'll check it, but now I noticed that there is a problem with my last fix. It does not work with some https sites. Probably it is webserver dependent....
For example, if I open http://oszkar.com it redirects to a strange url....
I'm sorry for it, I'll fix it in some hours, but now I have to go somewhere for an hour.
I've created a pull request (#298). It adds the ALPN ssl extensions to the clienthello message which is generated by the SslStream during the AuthenticateAsClient call in TcpConnectionFactory.
It seems to work, the webservers send back the ALPN = h2 field.
It is disabled currently:
```csharp
bool alpnEnabled = false;
var alpnStream = alpnEnabled ? (Stream)new ClientHelloAlpnAdderStream(stream) : stream;
```
It is a little bit dirty code, I'll make it better if it will work.
If I enable it the browser says an error message. So I think it should be also added to the ServerHello in the AuthenticateAsServer call. But it is called earlier so the logic should be changed for this (unless we always want to add that field with "h2" value, but I think it would be wrong).
ServerHello parser was also added in an earlier PR. You can get the ALPN value similar to the server name.
You are the MAN!
I was about to talk about server hello modification as well. So would you be able to do the same on the stream used for AuthenticateAsServer call as well? It's good that you kept it optional so that once we support HTTP/2 we can enable it. Thanks again!
@honfika I added the Ssl tools to a separate repository so that other projects blocked due to SNI/ALPN can use our SslStream. I haven't added the nuget package to our repository yet, since I haven't tested it. One day maybe we can.
I am sorry, I probably broke .NET Standard support with my moving of ALPN to another package. I am installing VS 2017 now and will try to update StreamExtended nuget package usable by both .NET 4.5/.NET Standard as a PCL library.