crypto/tls: don't send NPN extension if NextProtos is not set.
This isn't clearly a bug on Go's part, but it triggers a bug in Firefox which means that crypto/tls and net/http cannot be wired up together unless NextProtos includes "http/1.1". When net/http sets up the tls.Config, it does this and so works fine. But anyone setting up the tls.Config themselves will hit the Firefox bug. Fixes #5445. R=golang-dev, bradfitz, r CC=golang-dev https://golang.org/cl/9539045
This commit is contained in:
parent
44490a3db4
commit
f41a7e7ee6
@ -156,7 +156,11 @@ Curves:
|
||||
if len(hs.clientHello.serverName) > 0 {
|
||||
c.serverName = hs.clientHello.serverName
|
||||
}
|
||||
if hs.clientHello.nextProtoNeg {
|
||||
// Although sending an empty NPN extension is reasonable, Firefox has
|
||||
// had a bug around this. Best to send nothing at all if
|
||||
// config.NextProtos is empty. See
|
||||
// https://code.google.com/p/go/issues/detail?id=5445.
|
||||
if hs.clientHello.nextProtoNeg && len(config.NextProtos) > 0 {
|
||||
hs.hello.nextProtoNeg = true
|
||||
hs.hello.nextProtos = config.NextProtos
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user