From 2a7b123895ccbb5ed36235d2f68c980a6e7e6bdc Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Thu, 11 Feb 2021 15:53:04 -0800
Subject: [PATCH] turn off http2 for TLS setups for now (#11523)
due to lots of issues with x/net/http2, as well as the bundled h2_bundle.go in the go runtime should be avoided for now.
https://github.com/golang/go/issues/23559
https://github.com/golang/go/issues/42534
https://github.com/golang/go/issues/43989
https://github.com/golang/go/issues/33425
https://github.com/golang/go/issues/29246
With collection of such issues present, it make sense to remove HTTP2 support for now
---
 cmd/http/server.go | 2 +-
 cmd/utils.go | 74 +++++++++++++++++++++++++----------------------
 go.mod | 2 --
 go.sum | 12 --------
 4 files changed, 41 insertions(+), 49 deletions(-)
diff --git a/cmd/http/server.go b/cmd/http/server.go
index 49c38ad49..42bcf664e 100644
--- a/cmd/http/server.go
+++ b/cmd/http/server.go
@@ -191,7 +191,7 @@ func NewServer(addrs []string, handler http.Handler, getCert certs.GetCertificat
 // TLS hardening
 PreferServerCipherSuites: true,
 MinVersion: tls.VersionTLS12,
- NextProtos: []string{"h2", "http/1.1"},
+ NextProtos: []string{"http/1.1", "h2"},
 }
 tlsConfig.GetCertificate = getCert
 }
diff --git a/cmd/utils.go b/cmd/utils.go
index 40cc4c39d..96c943ee9 100644
--- a/cmd/utils.go
+++ b/cmd/utils.go
@@ -45,7 +45,6 @@ import (
 "github.com/minio/minio/cmd/logger"
 "github.com/minio/minio/pkg/handlers"
 "github.com/minio/minio/pkg/madmin"
- "golang.org/x/net/http2"
 )
 
 const (
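Review bot: In cmd/http/server.go the new `NextProtos: []string{"http/1.1", "h2"},` only lowers the ALPN preference of HTTP/2; `h2` is still advertised, so a client that offers only `h2` can presumably still negotiate it, which does not match the stated goal of turning HTTP/2 off for TLS setups. If the server side is meant to be HTTP/1.1-only, advertise just that, `NextProtos: []string{"http/1.1"},`, and consider setting the server's `TLSNextProto` to a non-nil empty map so net/http does not enable HTTP/2 on its own. If keeping `h2` is deliberate, a comment such as `// h2 is kept as a fallback; http/1.1 is preferred until the x/net/http2 issues are resolved` would record that. NewServer's body starts and ends outside the hunk, so how the http.Server is wired cannot be confirmed from here.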
@@ -474,21 +473,26 @@ func newInternodeHTTPTransport(tlsConfig *tls.Config, dialTimeout time.Duration)
 DisableCompression: true,
 }
 
- if tlsConfig != nil {
- trhttp2, _ := http2.ConfigureTransports(tr)
- if trhttp2 != nil {
- // ReadIdleTimeout is the timeout after which a health check using ping
- // frame will be carried out if no frame is received on the
- // connection. 5 minutes is sufficient time for any idle connection.
- trhttp2.ReadIdleTimeout = 5 * time.Minute
- // PingTimeout is the timeout after which the connection will be closed
- // if a response to Ping is not received.
- trhttp2.PingTimeout = dialTimeout
- // DisableCompression, if true, prevents the Transport from
- // requesting compression with an "Accept-Encoding: gzip"
- trhttp2.DisableCompression = true
- }
- }
+ // https://github.com/golang/go/issues/23559
+ // https://github.com/golang/go/issues/42534
+ // https://github.com/golang/go/issues/43989
+ // https://github.com/golang/go/issues/33425
+ // https://github.com/golang/go/issues/29246
+ // if tlsConfig != nil {
+ // trhttp2, _ := http2.ConfigureTransports(tr)
+ // if trhttp2 != nil {
+ // // ReadIdleTimeout is the timeout after which a health check using ping
+ // // frame will be carried out if no frame is received on the
+ // // connection. 5 minutes is sufficient time for any idle connection.
+ // trhttp2.ReadIdleTimeout = 5 * time.Minute
+ // // PingTimeout is the timeout after which the connection will be closed
+ // // if a response to Ping is not received.
+ // trhttp2.PingTimeout = dialTimeout
+ // // DisableCompression, if true, prevents the Transport from
+ // // requesting compression with an "Accept-Encoding: gzip"
+ // trhttp2.DisableCompression = true
+ // }
+ // }
 
 return func() http.RoundTripper {
 return tr
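Review bot: The HTTP/2 setup in newInternodeHTTPTransport is commented out rather than removed, and the same block is repeated in the newCustomHTTPTransport hunk; it references `http2`, whose import this commit drops, so it cannot simply be uncommented later. I would delete both blocks and keep a short pointer, e.g. `// HTTP/2 is disabled for now, see golang/go issues 23559, 42534, 43989, 33425 and 29246.`. The disablement also rests on `tr` not opting in elsewhere: its struct literal begins outside the hunk, so confirm it does not set `ForceAttemptHTTP2`, or make the intent explicit with `TLSNextProto: map[string]func(string, *tls.Conn) http.RoundTripper{},`. With the ping-based health check (`ReadIdleTimeout`/`PingTimeout`) gone, it is worth checking that dead inter-node connections are still detected by the remaining HTTP/1.1 timeouts.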
@@ -537,24 +541,26 @@ func newCustomHTTPTransport(tlsConfig *tls.Config, dialTimeout time.Duration) fu
 DisableCompression: true,
 }
 
- if tlsConfig != nil {
- trhttp2, _ := http2.ConfigureTransports(tr)
- if trhttp2 != nil {
- // ReadIdleTimeout is the timeout after which a health check using ping
- // frame will be carried out if no frame is received on the
- // connection. 5 minutes is above maximum sane scrape interval,
- // we should not have this small overhead on the scrape connections.
- // For other cases, this is used to validate that the connection can
- // still be used.
- trhttp2.ReadIdleTimeout = 5 * time.Minute
- // PingTimeout is the timeout after which the connection will be closed
- // if a response to Ping is not received.
- trhttp2.PingTimeout = dialTimeout
- // DisableCompression, if true, prevents the Transport from
- // requesting compression with an "Accept-Encoding: gzip"
- trhttp2.DisableCompression = true
- }
- }
+ // https://github.com/golang/go/issues/23559
+ // https://github.com/golang/go/issues/42534
+ // https://github.com/golang/go/issues/43989
+ // https://github.com/golang/go/issues/33425
+ // https://github.com/golang/go/issues/29246
+ // if tlsConfig != nil {
+ // trhttp2, _ := http2.ConfigureTransports(tr)
+ // if trhttp2 != nil {
+ // // ReadIdleTimeout is the timeout after which a health check using ping
+ // // frame will be carried out if no frame is received on the
+ // // connection. 5 minutes is sufficient time for any idle connection.
+ // trhttp2.ReadIdleTimeout = 5 * time.Minute
+ // // PingTimeout is the timeout after which the connection will be closed
+ // // if a response to Ping is not received.
+ // trhttp2.PingTimeout = dialTimeout
+ // // DisableCompression, if true, prevents the Transport from
+ // // requesting compression with an "Accept-Encoding: gzip"
+ // trhttp2.DisableCompression = true
+ // }
+ // }
 
 return func() *http.Transport {
 return tr
diff --git a/go.mod b/go.mod
index 2ee6f460e..cffbcbee6 100644
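Review bot: The commented-out block in newCustomHTTPTransport carries the internode wording ("5 minutes is sufficient time for any idle connection") instead of this function's own rationale, which the removed lines gave as 5 minutes being above the maximum sane scrape interval and the ping validating that the connection can still be used. If the block is kept so it can be re-enabled later, it should preserve that original comment text, since the scrape-interval reasoning is what justified the value here. Otherwise delete the block and leave a one-line pointer to the upstream issues, e.g. `// HTTP/2 is disabled for now; see the golang/go issues listed in the commit message.`. The transport's struct literal starts outside the hunk, so the rest of its configuration is not visible here.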
--- a/go.mod +++ b/go.mod @@ -70,7 +70,6 @@ require ( github.com/prometheus/client_golang v1.8.0 github.com/prometheus/client_model v0.2.0 github.com/prometheus/procfs v0.2.0 - github.com/quasilyte/go-ruleguard v0.2.1 // indirect github.com/rjeczalik/notify v0.9.2 github.com/rs/cors v1.7.0 github.com/secure-io/sio-go v0.3.1 @@ -80,7 +79,6 @@ require ( github.com/tidwall/gjson v1.6.7 github.com/tidwall/sjson v1.0.4 github.com/tinylib/msgp v1.1.3 - github.com/ttacon/chalk v0.0.0-20160626202418-22c06c80ed31 // indirect github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a github.com/willf/bitset v1.1.11 // indirect github.com/willf/bloom v2.0.3+incompatible diff --git a/go.sum b/go.sum index 9267cc1c4..53da0f5c1 100644 --- a/go.sum +++ b/go.sum @@ -417,8 +417,6 @@ github.com/minio/md5-simd v1.1.0 h1:QPfiOqlZH+Cj9teu0t9b1nTBfPbyTl16Of5MeuShdK4= github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw= github.com/minio/md5-simd v1.1.1 h1:9ojcLbuZ4gXbB2sX53MKn8JUZ0sB/2wfwsEcRw+I08U= github.com/minio/md5-simd v1.1.1/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw= -github.com/minio/minio-go/v7 v7.0.8 h1:snnHtYkHz3TKrQJY1jTQGOZqnue79pbYTukuwqz/QvM= -github.com/minio/minio-go/v7 v7.0.8/go.mod h1:pEZBUa+L2m9oECoIA6IcSK8bv/qggtQVLovjeKK5jYc= github.com/minio/minio-go/v7 v7.0.9-0.20210210235136-83423dddb072 h1:zlheLAzZ66jYLUsa81R8gwPtSgKRI5FMJyAKuaJpkHE= github.com/minio/minio-go/v7 v7.0.9-0.20210210235136-83423dddb072/go.mod h1:pEZBUa+L2m9oECoIA6IcSK8bv/qggtQVLovjeKK5jYc= github.com/minio/selfupdate v0.3.1 h1:BWEFSNnrZVMUWXbXIgLDNDjbejkmpAmZvy/nCz1HlEs= 
@@ -557,8 +555,6 @@ github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+Gx github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0 h1:wH4vA7pcjKuZzjF7lM8awk4fnuJO6idemZXoKnULUx4= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/quasilyte/go-ruleguard v0.2.1 h1:56eRm0daAyny9UhJnmtJW/UyLZQusukBAB8oT8AHKHo= -github.com/quasilyte/go-ruleguard v0.2.1/go.mod h1:hN2rVc/uS4bQhQKTio2XaSJSafJwqBUWWwtssT3cQmc= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a h1:9ZKAASQSHhDYGoxY8uLVpewe1GDZ2vu2Tr/vTdVAkFQ= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ= 
@@ -632,12 +628,8 @@ github.com/tidwall/sjson v1.0.4 h1:UcdIRXff12Lpnu3OLtZvnc03g4vH2suXDXhBwBqmzYg= github.com/tidwall/sjson v1.0.4/go.mod h1:bURseu1nuBkFpIES5cz6zBtjmYeOQmEESshn7VpF15Y= github.com/tinylib/msgp v1.1.3 h1:3giwAkmtaEDLSV0MdO1lDLuPgklgPzmk8H9+So2BVfA= github.com/tinylib/msgp v1.1.3/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= -github.com/tinylib/msgp v1.1.5 h1:2gXmtWueD2HefZHQe1QOy9HVzmFrLOVvsXwXBQ0ayy0= -github.com/tinylib/msgp v1.1.5/go.mod h1:eQsjooMTnV42mHu917E26IogZ2930nFyBQdofk10Udg= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8 h1:ndzgwNDnKIqyCvHTXaCqh9KlOWKvBry6nuXMJmonVsE= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/ttacon/chalk v0.0.0-20160626202418-22c06c80ed31 h1:OXcKh35JaYsGMRzpvFkLv/MEyPuL49CThT1pZ8aSml4= -github.com/ttacon/chalk v0.0.0-20160626202418-22c06c80ed31/go.mod h1:onvgF043R+lC5RZ8IT9rBXDaEDnpnw/Cl+HFiw+v/7Q= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= 
@@ -653,7 +645,6 @@ github.com/xdg/stringprep v1.0.0 h1:d9X0esnoa3dFsV0FG35rAT0RIhYFlPq7MiP+DW89La0= github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.etcd.io/bbolt v1.3.3 h1:MUGmc65QhB3pIlaQ5bB4LwqSj6GIonVJXpZiaKNyaKk= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= @@ -750,7 +741,6 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 h1:SQFwaSi55rU7vdNs9Yr0Z324VNlrF+0wMqRXT4St8ck= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -825,8 +815,6 @@ golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200812195022-5ae4c3c160a0/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20201022035929-9cf592e881e9/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201105001634-bc3cf281b174/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=