src/crypto · 41d6315e34f677c7102c73253819b12cf6e3e209 · go / golang

crypto/tls, net/http: reject HTTP requests to HTTPS server · c942191c

Brad Fitzpatrick authored Mar 15, 2018

This adds a crypto/tls.RecordHeaderError.Conn field containing the TLS
underlying net.Conn for non-TLS handshake errors, and then uses it in
the net/http Server to return plaintext HTTP 400 errors when a client
mistakenly sends a plaintext HTTP request to an HTTPS server. This is the
same behavior as Apache.

Also in crypto/tls: swap two error paths to not use a value before
it's valid, and don't send a alert record when a handshake contains a
bogus TLS record (a TLS record in response won't help a non-TLS
client).

Fixes #23689

Change-Id: Ife774b1e3886beb66f25ae4587c62123ccefe847
Reviewed-on: https://go-review.googlesource.com/c/143177Reviewed-by: Filippo Valsorda <filippo@golang.org>

c942191c

Name	Last commit	Last update
..
aes		Loading commit data...
cipher		Loading commit data...
des		Loading commit data...
dsa		Loading commit data...
ecdsa		Loading commit data...
elliptic		Loading commit data...
hmac		Loading commit data...
internal		Loading commit data...
md5		Loading commit data...
rand		Loading commit data...
rc4		Loading commit data...
rsa		Loading commit data...
sha1		Loading commit data...
sha256		Loading commit data...
sha512		Loading commit data...
subtle		Loading commit data...
tls		Loading commit data...
x509		Loading commit data...
crypto.go		Loading commit data...
issue21104_test.go		Loading commit data...