sslsplit
sslsplit copied to clipboard
feature/alpn support
Provide support for ALPN extensions (HTTP/2)
Thanks for the contribution. Have you tested this patch under conditions where browser and server actually do select h2 or spdy and you use a https
proxyspec? I expect changes to the protocol parsing to be required in order to properly support HTTP/2.
Related to #62, #89, #91.
You are correct, it does not work correctly when using the https
proxyspec.
However, I am using it with ssl
proxyspec where it works as expected. I have a modification where it only relays ALPN in non-http proxyspec. Let me know if you are interested in taking a look. With the patch, as far as I can tell there are no concerns regarding backwards compatibility.
Also, I could take a look at implementing what may be necessary to make http/2 work in https
proxyspec. Do you know, at a high level, what would need to be supported? I see in the pxy_http_reqhdr_filter_line
and pxy_http_resphdr_filter_line
functions that some headers are modified/removed, but without more context I can't tell how that would translate to http/2.
This patch is very useful to inspect http/2 content, thank you. I look forward to seeing formal http/2 support to be able to observe the headers which are compressed.
Would you be willing to also update the manual page with information on how the different modes behave with this patch regarding ALPN relaying and support for funky protocols?
Is there a need to make ALPN relaying configurable?