[Python-checkins] bpo-40968: Send http/1.1 ALPN extension (#20959)
tiran
webhook-mailer at python.org
Fri Nov 13 10:38:00 EST 2020
https://github.com/python/cpython/commit/f97406be4c0a02c1501c7ab8bc8ef3850eddb962
commit: f97406be4c0a02c1501c7ab8bc8ef3850eddb962
branch: master
author: Christian Heimes <christian at python.org>
committer: tiran <christian at python.org>
date: 2020-11-13T16:37:52+01:00
summary:
bpo-40968: Send http/1.1 ALPN extension (#20959)
Signed-off-by: Christian Heimes <christian at python.org>
files:
A Misc/NEWS.d/next/Library/2020-06-18-11-35-16.bpo-40968.R8Edbv.rst
M Doc/library/http.client.rst
M Doc/library/urllib.request.rst
M Lib/http/client.py
M Lib/urllib/request.py
diff --git a/Doc/library/http.client.rst b/Doc/library/http.client.rst
index 35997db2a9d27..56f4c0a0d772f 100644
--- a/Doc/library/http.client.rst
+++ b/Doc/library/http.client.rst
@@ -99,6 +99,11 @@ The module provides the following classes:
:attr:`ssl.SSLContext.post_handshake_auth` for the default *context* or
when *cert_file* is passed with a custom *context*.
+ .. versionchanged:: 3.10
+ This class now sends an ALPN extension with protocol indicator
+ ``http/1.1`` when no *context* is given. Custom *context* should set
+ ALPN protocols with :meth:`~ssl.SSLContext.set_alpn_protocol`.
+
.. deprecated:: 3.6
*key_file* and *cert_file* are deprecated in favor of *context*.
diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst
index b37f230feb601..b4435a62ad43d 100644
--- a/Doc/library/urllib.request.rst
+++ b/Doc/library/urllib.request.rst
@@ -109,6 +109,11 @@ The :mod:`urllib.request` module defines the following functions:
.. versionchanged:: 3.4.3
*context* was added.
+ .. versionchanged:: 3.10
+ HTTPS connection now send an ALPN extension with protocol indicator
+ ``http/1.1`` when no *context* is given. Custom *context* should set
+ ALPN protocols with :meth:`~ssl.SSLContext.set_alpn_protocol`.
+
.. deprecated:: 3.6
*cafile*, *capath* and *cadefault* are deprecated in favor of *context*.
diff --git a/Lib/http/client.py b/Lib/http/client.py
index 15abcfeada591..a54679cf84d18 100644
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@@ -1407,6 +1407,9 @@ def __init__(self, host, port=None, key_file=None, cert_file=None,
self.cert_file = cert_file
if context is None:
context = ssl._create_default_https_context()
+ # send ALPN extension to indicate HTTP/1.1 protocol
+ if self._http_vsn == 11:
+ context.set_alpn_protocols(['http/1.1'])
# enable PHA for TLS 1.3 connections if available
if context.post_handshake_auth is not None:
context.post_handshake_auth = True
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
index a8c870b9778eb..39974d975ee1e 100644
--- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py
@@ -202,6 +202,8 @@ def urlopen(url, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH,
cafile=cafile,
capath=capath)
+ # send ALPN extension to indicate HTTP/1.1 protocol
+ context.set_alpn_protocols(['http/1.1'])
https_handler = HTTPSHandler(context=context)
opener = build_opener(https_handler)
elif context:
diff --git a/Misc/NEWS.d/next/Library/2020-06-18-11-35-16.bpo-40968.R8Edbv.rst b/Misc/NEWS.d/next/Library/2020-06-18-11-35-16.bpo-40968.R8Edbv.rst
new file mode 100644
index 0000000000000..6bcbaaa9ab929
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-06-18-11-35-16.bpo-40968.R8Edbv.rst
@@ -0,0 +1,2 @@
+:mod:`urllib.request` and :mod:`http.client` now send ``http/1.1`` ALPN
+extension during TLS handshake when no custom context is supplied.
More information about the Python-checkins
mailing list