You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "synth3 (Jira)" <ji...@apache.org> on 2020/10/19 13:33:00 UTC
[jira] [Updated] (HTTPCLIENT-2120) Support HTTP/2 (TLS) Tunneling
over HTTP-Proxy
[ https://issues.apache.org/jira/browse/HTTPCLIENT-2120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
synth3 updated HTTPCLIENT-2120:
-------------------------------
Description:
*First of all:*
* Are there plans for supporting HTTP/2 (with TLS) connections via corporate HTTP-proxies?
** If yes: is there a schedule?
* Could you please add documentation to "https://hc.apache.org" that makes it clear that the HTTP/2 implementation does currently not support HTTP-proxies?
** This alone could save people hours of programming something that has no chance to work and debugging afterwards
** The only clear statement I found regarding that topic was at a migration guide ("https://ok2c.github.io/httpclient-migration-guide/migration-to-async-http2.html")
*Observations while trying to establish a HTTP/2 connection via proxy:*
The observations can be made using the following minimal example with {{[proxy_ip]:[proxy_port]}} replaced with host and port of an actual HTTP-Proxy:
{code:java}
CloseableHttpAsyncClient client = HttpAsyncClients.custom()
.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_2)
.setProxy(HttpHost.create("[proxy_ip]:[proxy_port]")).build();
client.start();
// throws org.apache.hc.core5.http.ConnectionClosedException
client.execute(SimpleHttpRequests.get("https://http2.pro/client"), null).get();
{code}
The above code throws the following Exception:
{code:java}
Exception in thread "main" java.util.concurrent.ExecutionException: org.apache.hc.core5.http.ConnectionClosedException: Connection is closed
at org.apache.hc.core5.concurrent.BasicFuture.getResult(BasicFuture.java:72)
at org.apache.hc.core5.concurrent.BasicFuture.get(BasicFuture.java:85)
at com.test.MinimalProxyTest.basicTest(MinimalProxyTest.java:41)
at com.test.MinimalProxyTest.main(MinimalProxyTest.java:23)
Caused by: org.apache.hc.core5.http.ConnectionClosedException: Connection is closed
at org.apache.hc.core5.http2.impl.nio.AbstractH2StreamMultiplexer.onException(AbstractH2StreamMultiplexer.java:661)
at org.apache.hc.core5.http2.impl.nio.AbstractH2IOEventHandler.exception(AbstractH2IOEventHandler.java:91)
at org.apache.hc.core5.http2.impl.nio.ClientH2IOEventHandler.exception(ClientH2IOEventHandler.java:39)
at org.apache.hc.core5.reactor.InternalDataChannel.onException(InternalDataChannel.java:162)
at org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:55)
at org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:179)
at org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:128)
at org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:85)
at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44)
at java.base/java.lang.Thread.run(Thread.java:832)
{code}
* There is no exception thrown that makes clear that this constellation (HTTP/2 + Proxy) is not supported
** Even though I found {{org.apache.hc.client5.http.impl.async.InternalHttpAsyncClient.determineRoute(HttpHost, HttpClientContext)}} with {{throw new HttpException("HTTP/2 tunneling not supported")}} which is not triggered because {{HttpClientContext.getProtocolVersion()}} returns {{HTTP-1.1}}
* Looking at the Logs I see that the HTTP/2 request was tried to be performed unencrypted and the Proxy sends {{HTTP/1.0 400 Bad Request}} and closes the connection
* Also in the logs I can see {{Code FRAME_SIZE_ERROR}} and {{Frame size exceeds maximum}} which might be caused by trying to consume the HTTP-1.1 proxy response as HTTP/2
** The associated Exception ({{H2ConnectionException: Frame size exceeds maximum}}) is omitted in {{org.apache.hc.core5.http2.impl.nio.AbstractH2StreamMultiplexer.onException(Exception)}} where {{((ExecutableCommand) command).failed(new ConnectionClosedException())}} is called
*What can be done?*
If I wanted to support you in implementing the HTTP/2 via proxy support where would I have to start?
* When I understand the situation right then we are almost there and the only problem is that the HTTP/2 request is tried to be performed without encryption
was:
*First of all:*
* Are there plans for supporting HTTP/2 (with TLS) connections via corporate HTTP-proxies?
** If yes: is there a schedule?
* Could you please add documentation to "https://hc.apache.org" that makes it clear that the HTTP/2 implementation does currently not support HTTP-proxies?
** This alone could save people hours of programming something that has no chance to work and debugging afterwards
** The only clear statement I found regarding that topic was at a migration guide ("https://ok2c.github.io/httpclient-migration-guide/migration-to-async-http2.html")
*Observations while trying to establish a HTTP/2 connection via proxy:*
The observations can be made using the following minimal example with {{[proxy_ip]:[proxy_port]}} replaced with host and port of an actual HTTP-Proxy:
{code:java}
CloseableHttpAsyncClient client = HttpAsyncClients.custom()
.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_2)
.setProxy(HttpHost.create("[proxy_ip]:[proxy_port]")).build();
client.start();
// throws org.apache.hc.core5.http.ConnectionClosedException
client.execute(SimpleHttpRequests.get("https://http2.pro/client"), null).get();
{code}
The above code throws the following Exception:
{code:java}
Exception in thread "main" java.util.concurrent.ExecutionException: org.apache.hc.core5.http.ConnectionClosedException: Connection is closed
at org.apache.hc.core5.concurrent.BasicFuture.getResult(BasicFuture.java:72)
at org.apache.hc.core5.concurrent.BasicFuture.get(BasicFuture.java:85)
at com.tsystems.push2mobile.transport.apple.MinimalProxyTest.basicTest(MinimalProxyTest.java:41)
at com.tsystems.push2mobile.transport.apple.MinimalProxyTest.main(MinimalProxyTest.java:23)
Caused by: org.apache.hc.core5.http.ConnectionClosedException: Connection is closed
at org.apache.hc.core5.http2.impl.nio.AbstractH2StreamMultiplexer.onException(AbstractH2StreamMultiplexer.java:661)
at org.apache.hc.core5.http2.impl.nio.AbstractH2IOEventHandler.exception(AbstractH2IOEventHandler.java:91)
at org.apache.hc.core5.http2.impl.nio.ClientH2IOEventHandler.exception(ClientH2IOEventHandler.java:39)
at org.apache.hc.core5.reactor.InternalDataChannel.onException(InternalDataChannel.java:162)
at org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:55)
at org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:179)
at org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:128)
at org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:85)
at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44)
at java.base/java.lang.Thread.run(Thread.java:832)
{code}
* There is no exception thrown that makes clear that this constellation (HTTP/2 + Proxy) is not supported
** Even though I found {{org.apache.hc.client5.http.impl.async.InternalHttpAsyncClient.determineRoute(HttpHost, HttpClientContext)}} with {{throw new HttpException("HTTP/2 tunneling not supported")}} which is not triggered because {{HttpClientContext.getProtocolVersion()}} returns {{HTTP-1.1}}
* Looking at the Logs I see that the HTTP/2 request was tried to be performed unencrypted and the Proxy sends {{HTTP/1.0 400 Bad Request}} and closes the connection
* Also in the logs I can see {{Code FRAME_SIZE_ERROR}} and {{Frame size exceeds maximum}} which might be caused by trying to consume the HTTP-1.1 proxy response as HTTP/2
** The associated Exception ({{H2ConnectionException: Frame size exceeds maximum}}) is omitted in {{org.apache.hc.core5.http2.impl.nio.AbstractH2StreamMultiplexer.onException(Exception)}} where {{((ExecutableCommand) command).failed(new ConnectionClosedException())}} is called
*What can be done?*
If I wanted to support you in implementing the HTTP/2 via proxy support where would I have to start?
* When I understand the situation right then we are almost there and the only problem is that the HTTP/2 request is tried to be performed without encryption
> Support HTTP/2 (TLS) Tunneling over HTTP-Proxy
> ----------------------------------------------
>
> Key: HTTPCLIENT-2120
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2120
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (async)
> Affects Versions: 5.0.3
> Reporter: synth3
> Priority: Critical
> Labels: http2, proxy
>
> *First of all:*
> * Are there plans for supporting HTTP/2 (with TLS) connections via corporate HTTP-proxies?
> ** If yes: is there a schedule?
> * Could you please add documentation to "https://hc.apache.org" that makes it clear that the HTTP/2 implementation does currently not support HTTP-proxies?
> ** This alone could save people hours of programming something that has no chance to work and debugging afterwards
> ** The only clear statement I found regarding that topic was at a migration guide ("https://ok2c.github.io/httpclient-migration-guide/migration-to-async-http2.html")
> *Observations while trying to establish a HTTP/2 connection via proxy:*
> The observations can be made using the following minimal example with {{[proxy_ip]:[proxy_port]}} replaced with host and port of an actual HTTP-Proxy:
> {code:java}
> CloseableHttpAsyncClient client = HttpAsyncClients.custom()
> .setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_2)
> .setProxy(HttpHost.create("[proxy_ip]:[proxy_port]")).build();
> client.start();
> // throws org.apache.hc.core5.http.ConnectionClosedException
> client.execute(SimpleHttpRequests.get("https://http2.pro/client"), null).get();
> {code}
> The above code throws the following Exception:
> {code:java}
> Exception in thread "main" java.util.concurrent.ExecutionException: org.apache.hc.core5.http.ConnectionClosedException: Connection is closed
> at org.apache.hc.core5.concurrent.BasicFuture.getResult(BasicFuture.java:72)
> at org.apache.hc.core5.concurrent.BasicFuture.get(BasicFuture.java:85)
> at com.test.MinimalProxyTest.basicTest(MinimalProxyTest.java:41)
> at com.test.MinimalProxyTest.main(MinimalProxyTest.java:23)
> Caused by: org.apache.hc.core5.http.ConnectionClosedException: Connection is closed
> at org.apache.hc.core5.http2.impl.nio.AbstractH2StreamMultiplexer.onException(AbstractH2StreamMultiplexer.java:661)
> at org.apache.hc.core5.http2.impl.nio.AbstractH2IOEventHandler.exception(AbstractH2IOEventHandler.java:91)
> at org.apache.hc.core5.http2.impl.nio.ClientH2IOEventHandler.exception(ClientH2IOEventHandler.java:39)
> at org.apache.hc.core5.reactor.InternalDataChannel.onException(InternalDataChannel.java:162)
> at org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:55)
> at org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:179)
> at org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:128)
> at org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:85)
> at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44)
> at java.base/java.lang.Thread.run(Thread.java:832)
> {code}
> * There is no exception thrown that makes clear that this constellation (HTTP/2 + Proxy) is not supported
> ** Even though I found {{org.apache.hc.client5.http.impl.async.InternalHttpAsyncClient.determineRoute(HttpHost, HttpClientContext)}} with {{throw new HttpException("HTTP/2 tunneling not supported")}} which is not triggered because {{HttpClientContext.getProtocolVersion()}} returns {{HTTP-1.1}}
> * Looking at the Logs I see that the HTTP/2 request was tried to be performed unencrypted and the Proxy sends {{HTTP/1.0 400 Bad Request}} and closes the connection
> * Also in the logs I can see {{Code FRAME_SIZE_ERROR}} and {{Frame size exceeds maximum}} which might be caused by trying to consume the HTTP-1.1 proxy response as HTTP/2
> ** The associated Exception ({{H2ConnectionException: Frame size exceeds maximum}}) is omitted in {{org.apache.hc.core5.http2.impl.nio.AbstractH2StreamMultiplexer.onException(Exception)}} where {{((ExecutableCommand) command).failed(new ConnectionClosedException())}} is called
> *What can be done?*
> If I wanted to support you in implementing the HTTP/2 via proxy support where would I have to start?
> * When I understand the situation right then we are almost there and the only problem is that the HTTP/2 request is tried to be performed without encryption
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org