Skip to content

Add configuration option to enable HTTP/1.0 support#1484

Merged
kflynn merged 4 commits into
emissary-ingress:masterfrom
cyrus-mc:http1.0
May 2, 2019
Merged

Add configuration option to enable HTTP/1.0 support#1484
kflynn merged 4 commits into
emissary-ingress:masterfrom
cyrus-mc:http1.0

Conversation

@cyrus-mc

@cyrus-mc cyrus-mc commented Apr 30, 2019

Copy link
Copy Markdown

Description

Envoy supports HTTP/1.0 (https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/core/protocol.proto#envoy-api-msg-core-http1protocoloptions).

This PR exposes a configuration option via Ambassador module to enable/disable support.

Testing

With enable_http10 not set or set to false:

› curl --insecure -vvv --http1.0 https://localhost:8443
* Rebuilt URL to: https://localhost:8443/
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=Oregon; L=beaverton; CN=localhost; emailAddress=xxxx
*  start date: Apr  2 22:31:09 2019 GMT
*  expire date: May  2 22:31:09 2019 GMT
*  issuer: C=US; ST=Oregon; L=beaverton; CN=localhost; emailAddress=xxxx
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET / HTTP/1.0
> Host: localhost:8443
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 426 Upgrade Required
< date: Tue, 30 Apr 2019 22:49:24 GMT
< server: envoy
< content-length: 0
<
* Connection #0 to host localhost left intact

With enable_http10 set to true:

› curl --insecure -vvv --http1.0 https://localhost:8443
* Rebuilt URL to: https://localhost:8443/
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=Oregon; L=beaverton; CN=localhost; emailAddress=xxxx
*  start date: Apr  2 22:31:09 2019 GMT
*  expire date: May  2 22:31:09 2019 GMT
*  issuer: C=US; ST=Oregon; L=beaverton; CN=localhost; emailAddress=xxxx
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET / HTTP/1.0
> Host: localhost:8443
> User-Agent: curl/7.54.0
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 404 Not Found
< date: Tue, 30 Apr 2019 22:50:29 GMT
< server: envoy
< connection: close
< content-length: 0
<
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):

Todos

  • Tests
  • Documentation

@ryanmaclean

ryanmaclean commented Apr 30, 2019

Copy link
Copy Markdown

Thanks so much and sorry for dropping the ball <3

@kflynn

kflynn commented May 2, 2019

Copy link
Copy Markdown
Member

Looks good, thank you! I would ask you to add automated tests for it, but, uh, I'm not sure how to do HTTP/1.0 in our tests so we'll figure it out here. 😄

@kflynn kflynn merged commit 98eabf2 into emissary-ingress:master May 2, 2019
@kflynn kflynn mentioned this pull request May 2, 2019
Closed
@cyrus-mc cyrus-mc deleted the http1.0 branch May 2, 2019 16:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cyrus-mc @ryanmaclean @kflynn