Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(s2n-tls-hyper): Allow plain HTTP connections #4978

Merged
merged 4 commits into from
Dec 17, 2024
Merged

feat(s2n-tls-hyper): Allow plain HTTP connections #4978

merged 4 commits into from
Dec 17, 2024

Conversation

goatgoose
Copy link
Contributor

@goatgoose goatgoose commented Dec 16, 2024
edited
Loading

Description of changes:

Currently, an HttpsConnector can only be used to make secure HTTPS requests over TLS. If communication with an insecure HTTP endpoint is attempted, an InvalidScheme error is returned. This behavior prevents accidentally bypassing TLS if an insecure endpoint is provided.

However, this behavior may be desirable in some circumstances, if communication with both HTTPS and HTTP endpoints is required. This PR allows an HttpsConnector to be constructed with an insecure_http option, allowing for HTTP over plain TCP to be communicated if an HTTP route is provided.

Call-outs:

Previously we were erroring for HTTP schemes but permitting all other schemes (not just HTTPS). This was changed to now error for all unexpected schemes.

Is with_insecure_http a good name for the API? Other possible options:

Testing:

Added a new localhost plain TCP HTTP test, which ensures that TLS is successfully bypassed, and that the plain HTTP option is disabled by default.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Dec 16, 2024
@goatgoose goatgoose marked this pull request as ready for review December 16, 2024 20:41
@goatgoose @WesleyRosenblum
document default behavior
9c998c6 
Co-authored-by: Wesley Rosenblum <55108558+WesleyRosenblum@users.noreply.github.com>
jmayclin
jmayclin approved these changes Dec 17, 2024
View reviewed changes
bindings/rust/s2n-tls-hyper/src/connector.rs Outdated
}

impl<Http, ConnBuilder> Builder<Http, ConnBuilder> {
/// If enabled, allows communication with insecure HTTP endpoints in addition to secure HTTPS endpoints (default: false).
pub fn with_insecure_http(&mut self, enabled: bool) -> &mut Self {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thought: is insecure too strong a word for this? Maybe something like with_plaintext_http would be a bit more ambivalent.

Although I guess if you're going through the trouble of using the s2n-tls-hyper connector, plaintext http is a little sus. I don't think the current naming was bad, just curious about reasoning.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah insecure was meant less as a warning and more to differentiate from "secure" in HTTPS. So with_plaintext_http works just as well if that makes the meaning more clear.

@goatgoose goatgoose requested a review from jmayclin December 17, 2024 15:41
@goatgoose goatgoose added this pull request to the merge queue Dec 17, 2024
Merged via the queue into aws:main with commit 27e2fad Dec 17, 2024
40 checks passed
@goatgoose goatgoose deleted the insecure-http branch December 17, 2024 19:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WesleyRosenblum WesleyRosenblum WesleyRosenblum approved these changes

@jmayclin jmayclin jmayclin approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@goatgoose @jmayclin @WesleyRosenblum