sslsplit icon indicating copy to clipboard operation
sslsplit copied to clipboard

Published 20 hours ago verified publisher icon droe

feature/alpn support

Open ibaniski opened this issue 7 years ago • 4 comments

Provide support for ALPN extensions (HTTP/2)

ibaniski avatar Jul 18 '16 18:07 ibaniski

Thanks for the contribution. Have you tested this patch under conditions where browser and server actually do select h2 or spdy and you use a https proxyspec? I expect changes to the protocol parsing to be required in order to properly support HTTP/2.

Related to #62, #89, #91.

droe avatar Jul 23 '16 00:07 droe

You are correct, it does not work correctly when using the https proxyspec.

However, I am using it with ssl proxyspec where it works as expected. I have a modification where it only relays ALPN in non-http proxyspec. Let me know if you are interested in taking a look. With the patch, as far as I can tell there are no concerns regarding backwards compatibility.

Also, I could take a look at implementing what may be necessary to make http/2 work in https proxyspec. Do you know, at a high level, what would need to be supported? I see in the pxy_http_reqhdr_filter_line and pxy_http_resphdr_filter_line functions that some headers are modified/removed, but without more context I can't tell how that would translate to http/2.

ibaniski avatar Jul 25 '16 13:07 ibaniski

This patch is very useful to inspect http/2 content, thank you. I look forward to seeing formal http/2 support to be able to observe the headers which are compressed.

phlantin avatar Jul 06 '18 19:07 phlantin

Would you be willing to also update the manual page with information on how the different modes behave with this patch regarding ALPN relaying and support for funky protocols?

Is there a need to make ALPN relaying configurable?

droe avatar Jul 16 '18 11:07 droe