[WIP] Add HTTP/2 and SPDY Reporting #597

Closed
wants to merge 2 commits into from

@APTy APTy commented Apr 15, 2016

This PR improves cfssl scan by using ALPN to determine which application-layer protocols a server supports (among HTTP/1, HTTP/2, and SPDY/3). The ALPN scanner is introduced as part of the TLSHandshake family of scanners (might need to be in a new family of TLSExtensions).

Example of cfssl scan

$ cfssl scan -scanner=ALPN cloudflare.com
Scanning cloudflare.com...
=== cloudflare.com ===
{
  "TLSHandshake": {
    "ALPN": {
      "grade": "Good",
      "output": {
        "HTTP/1": true,
        "HTTP/2": true,
        "SPDY/3": true
      }
    }
  }
}

Example of cfssl scan -list

$ cfssl scan -list

...

"TLSHandshake": {
    "description": "Scans for host's SSL/TLS version and cipher suite negotiation",
    "scanners": {
      "ALPN": {
        "description": "Determines host's supported application-layer protocols"
      },

...

Resolves #444
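One way to probe ALPN support as the description above outlines, offering a single protocol per handshake. This is an added example, not code from this PR or from cfssl. The names `probeALPN` and `testDialer` are hypothetical, the ALPN IDs `http/1.1`, `h2` and `spdy/3` are assumed to correspond to the scanner's HTTP/1, HTTP/2 and SPDY/3 keys, and the in-memory server is a constructed fixture so the block runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// probeALPN offers one protocol ID per handshake and reports whether the server selected it.
func probeALPN(dial func() (net.Conn, error), protos []string) map[string]bool {
	out := make(map[string]bool, len(protos))
	for _, p := range protos {
		out[p] = false
		raw, err := dial()
		if err != nil {
			continue
		}
		raw.SetDeadline(time.Now().Add(5 * time.Second)) // bound each probe
		// A scanner records what the server offers, so chain validation is skipped here.
		c := tls.Client(raw, &tls.Config{NextProtos: []string{p}, InsecureSkipVerify: true})
		if c.Handshake() == nil { // a refusal alert and an empty selection both count as "no"
			out[p] = c.ConnectionState().NegotiatedProtocol == p
		}
		raw.Close()
	}
	return out
}

// testDialer: constructed fixture, an in-memory TLS server with a throwaway self-signed cert.
func testDialer(serverProtos []string) func() (net.Conn, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // errors ignored: fixture only
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}, NextProtos: serverProtos, SessionTicketsDisabled: true}
	return func() (net.Conn, error) {
		cli, srv := net.Pipe()
		go func() { tls.Server(srv, cfg).Handshake(); srv.Close() }()
		return cli, nil
	}
}

func main() {
	fmt.Println(probeALPN(testDialer([]string{"h2", "http/1.1"}), []string{"http/1.1", "h2", "spdy/3"}))
}
```

Against a real host, `dial` would wrap `net.DialTimeout("tcp", host+":443", ...)`. Offering protocols one at a time matters because a server picks a single protocol from the client's list, so one handshake offering all three reveals only the server's preferred one.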

APTy force-pushed the h2scan branch 3 times, most recently from 2e55099 to 7629cea, on April 28, 2016 05:14

APTy commented Apr 28, 2016

I'm getting a funny issue where the tests added in 723a1f4 work in isolation (say, in their own package), but fail with handshake error when run inside the scan/ package. Any thoughts on this or any global config that could be having an effect? (mentioning @grittygrease since you filed this issue, but let me know if anyone else has a sec to take a look) Thanks!


kisom commented May 2, 2016

@APTy I run into this issue even when testing from the top level:

~/src/github.com/cloudflare/cfssl/
(0) <straka:kyle> $ go test ./...
# some output elided
--- FAIL: TestTLSConnection (1.00s)
        tls_handshake_test.go:82: client error at Dial(): remote error: handshake failure
FAIL
FAIL    github.com/cloudflare/cfssl/scan        1.004s
# more output elided


APTy commented May 3, 2016

@kisom Yeah I definitely am getting that same issue when I run this test. But it runs fine when it's not inside the cfssl package generally. I've tried digging into any project-specific TLS settings that could be the cause, but have had no luck so far. Any thoughts?


APTy commented May 6, 2016

Btw I noticed that adding the following crypto libs to scan/vendor/ fixes that specific error.

crypto/aes/
crypto/des/
crypto/ecdsa/
crypto/elliptic/
crypto/x509/

This does break other parts of the package, so my guess is there is some weird interplay between the various vendor files in the project. Looking into it


lziest commented Aug 23, 2017

orphaned PR?

@APTy APTy closed this Apr 17, 2018