Please disable a field trial that disables HTTP/2, so I can visit my h2-only website
Reported by
darkudo...@gmail.com,
Jun 15 2018
|
|||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 Example URL: https://dev.terrax.net Steps to reproduce the problem: Open https://dev.terrax.net. What is the expected behavior? chrome://net-internals/#http2 should always have ALPN h2. What went wrong? 1.) I think a "field trial" is disabling HTTP/2 for me, so I can't visit my website (made with Rust: hyper, h2, tokio-rustls, rustls, ring, webpki, static-compress). It can be fixed by restarting Chrome Dev multiple times. I would like to keep my profile. Suspected line of code: https://cs.chromium.org/chromium/src/components/network_session_configurator/browser/network_session_configurator.cc?l=124&rcl=2292f91389c3df9494db32941af0194e94826e9b https://www.ssllabs.com/ssltest/analyze.html?d=dev.terrax.net&hideResults=on https://www.hardenize.com/report/dev.terrax.net#www_https 2.) Please ping the Googlebot team to make it talk h2. 3.) Is my status code okay, or should I rather respond "426 Upgrade Required"? Did this work before? N/A Chrome version: 69.0.3452.0 Channel: dev OS Version: Debian Testing Flash Version: pervert chrome://version/ Varianten c134752e-95b424ac 411b6d4e-f23d1dea fe69e053-83ce3e87 d01ab0d3-dc42efca b7e2524c-3f4a17df 3cd9377c-ca7d8d80 da89714-4ad60575 fb88346a-ca7d8d80 b1681d28-1410f10 9041608a-3f4a17df 8502ae4f-6b5e5ddf 1e528f0f-ca7d8d80 afb5d7b8-f23d1dea ca05d627-3f4a17df 7c1bc906-86bf56d9 47e5d3db-3d47f4f4 125b7f68-c7a5f76 d442dfb7-41afa35c 1149accc-3f4a17df 6557d030-6557d030 4dc30737-b8a5ea08 34d450b1-9f753fe6 459a590c-c6cddeea a582a1b8-ad75ce17 67a989a4-644724e3 3042ad4b-59e92cae 591576c8-2f2d0be0 41a7f344-3f4a17df 44827ee5-3f4a17df edbcf7c5-ca7d8d80 5485fc4d-3f4a17df 9773d3bd-ca7d8d80 93731dca-82fd7ac9 41f007f9-41f007f9 8fa604e0-ca7d8d80 c992f345-4ad60575 9e5c75f1-b707807e f2fd8aaf-88c03cef f79cb77b-3f4a17df 7a5ba892-f23d1dea d1cd70a5-ca7d8d80 4ea303a6-c603c77 6e6e0c7e-f23d1dea d92562a9-cfe3c2ea f6b41a91-e90cb33f 2c1d398c-f23d1dea 6973a1cf-3f4a17df da460ac8-3f4a17df 5a42b5d9-f23d1dea 344833e9-473e8c2e 3f273a97-e3ad1896 4bc337ce-69465896 9a2f4e5b-ca7d8d80 494d8760-52325d43 3ac60855-486e2a9c f296190c-fd6d2f5a 4442aae2-4ad60575 ed1d377-e1cc0f14 12e17bc5-e1cc0f14 75f0f0a0-d7f6b13c e2b18481-bd104136 e7e71889-e1cc0f14 6e3b857e-3f4a17df bbb8f811-3f4a17df 6a51bb09-6a51bb09 308674c4-ca7d8d80 41aa6aaa-2b71c400 94e68624-3f4a17df cc73f8a1-a2d707c6 10a311eb-cf4f6ead 8834fcca-cf4f6ead 530efe1f-3d47f4f4 3f33c9bd-ca7d8d80 81c6897f-f23d1dea
,
Jun 15 2018
Thank you for your instructions! I tried setting chrome://flags/#enable-mark-http-as (which seems to be the new name of that pref) to "Disabled" and "Enabled (mark as actively dangerous)", but it didn't help. (You wanted to imply that a non-standard configuration cancels all field trials?) I searched for "http" and disabled all prefs and it didn't help either. Please don't let me switch every pref of that long list from Default to Disabled.^^ Most times, a freshly started Chrome Dev has "HTTP/2 Enabled: false" on chrome://net-internals/#http2 as seen on the screenshot. I can't reproduce this problem with https://packages.debian.org/de/buster/chromium (62.0.3202.89-1). > I wasn't able to connect It's IPv6-only DNS + HTTPS. A few people had the same problem: Maybe your company-internal DNS Resolver is legacy-only? http://dnsviz.net/d/dev.terrax.net/dnssec/ https://dns.google.com/query?name=dev.terrax.net&type=AAAA&dnssec=true https://developers.google.com/speed/pagespeed/insights/?hl=de&url=https%3A%2F%2Fdev.terrax.net%2F
,
Jun 15 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 18 2018
,
Jun 18 2018
You can probably force the field trial state using command line chrome --force-fieldtrials=HTTP2/Enabled Related switches: --reset-variation-state --disable-field-trial-config
,
Jun 18 2018
to 1) --force-fieldtrials=HTTP2/DisablePush is always bad (like on the screenshot) and --force-fieldtrials=HTTP2/Enabled is always good. Thank you! to 2 + 3) Before we deploy this behavior accross more servers hopefully to the end of the year, please tell me if it's fine from your perspective to respond with "HTTP/1.1 505 HTTP Version not supported" to a client that doesn't advertise h2 via alpn. Or would you expect a different behavior, to tell a client that we only want to support h2? The goal is to go TLS 1.3-only + h2-only as soon as all major clients support it. When Googlebot will be upgraded to TLS 1.3 it should support h2 as well. Please make it happen! ;-)
,
Jun 19 2018
The issue seems to out of TE-scope as it is related to upgrading Googlebot to TLS 1.3. Hence, adding label TE-NeedsTriageHelp for further investigation from dev team. Thanks...!!
,
Jun 20 2018
,
Jun 22 2018
Thank you for your feedback. This field trial has been created by mistake, I'll make sure to fix it.
,
Jun 27 2018
This is now fixed. You will need to restart your browser for the change to take effect. Thank you for reporting. Regarding (3), I believe 505 is an appropriate response code. Another option is to fail the TLS handshake if the client does not advertise h2, though arguably serving a 505 provides more guidance to the user on how to retry. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by kapishnikov@chromium.org
, Jun 15 2018