h2spec icon indicating copy to clipboard operation
h2spec copied to clipboard

Published 20 hours ago verified publisher icon summerwind

HTTP2 spec section 3.5 error

Open rustrust opened this issue 5 years ago • 5 comments
trafficstars

it looks like the good folks over at actix-web found an error in h2spec section 3.5

https://github.com/actix/actix-web/issues/1453

"Clients and servers MUST treat an invalid connection preface as a connection error (Section 5.4.1) of type PROTOCOL_ERROR. A GOAWAY frame (Section 6.8) MAY be omitted in this case, since an invalid preface indicates that the peer is not using HTTP/2." per http2 sec https://http2.github.io/http2-spec/#ConnectionHeader

but it looks like h2spec requires a GOAWAY frame--please see the linked issue

rustrust avatar Apr 26 '20 20:04 rustrust

Sorry for the delayed response.

h2spec expects a GOAWAY frame OR connection to be disconnected in 3.5. It does not necessarily require a GOAWAY frame.

Looking at the output of the original Issue, it looks like the server is forcing the connection to be terminated without proper disconnection from the server. Is your server side properly terminating the connection?

Hypertext Transfer Protocol Version 2 (HTTP/2)
  3. Starting HTTP/2
    3.5. HTTP/2 Connection Preface
      × 2: Sends invalid connection preface
        -> The endpoint MUST terminate the TCP connection.
           Expected: GOAWAY Frame (Error Code: PROTOCOL_ERROR)
                     Connection closed
             Actual: Error: read tcp 127.0.0.1:56738->127.0.0.1:8080: read: connection reset by peer

summerwind avatar Jun 02 '20 14:06 summerwind

Also at Jetty we are having problems with the too strict interpretation of this section.

Sending an invalid preface may first trigger a HTTP/1.1 parser (in case a HTTP/1.1 to HTTP/2 upgrade is necessary).

The HTTP/1.1 parser will not recognize the preface and generate a HTTP/1.1 400 with a small body, and then close the connection.

Apparently, h2spec does not allow for some bytes before reading -1?

Attached a network capture that shows the issue. h2spec_3.5.pcapng.zip

Thanks!

sbordet avatar Jun 05 '20 14:06 sbordet

This issue could most probably be solved by #119

bjosv avatar Aug 24 '20 12:08 bjosv

A workaround (kludge) is

--- a/spec/verifier.go
+++ b/spec/verifier.go
@@ -66,6 +66,10 @@ func VerifyConnectionError(conn *Conn, codes ...http2.ErrCode) error {
                        if actual == nil {
                                actual = event
                        }
+               case ErrorEvent:
+                       if event.String() == "Error: unexpected EOF" {
+                               passed = true
+                       }
                default:
                        actual = event
                }

#119 addresses the issue more cleanly.

gstrauss avatar Oct 14 '20 01:10 gstrauss

Hi from Payara, both master and #119 still fail on Ubuntu the same way ...

Hypertext Transfer Protocol Version 2 (HTTP/2)
3. Starting HTTP/2
3.5. HTTP/2 Connection Preface
using source address 127.0.0.1:49970
× 2: Sends invalid connection preface
-> The endpoint MUST terminate the TCP connection.
Expected: GOAWAY Frame (Error Code: PROTOCOL_ERROR)
Connection closed
Actual: Error: unexpected EOF

The trick from @gstrauss works, but looks very nasty :-)

dmatej avatar Nov 19 '20 15:11 dmatej