Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Autoresolve grpcs scheme for port 443 #646

Open
cthulhu-rider opened this issue Dec 4, 2024 · 6 comments
Open

Autoresolve grpcs scheme for port 443 #646

cthulhu-rider opened this issue Dec 4, 2024 · 6 comments
Labels
client Issue related to the client discussion Open discussion of some problem feature Completely new functionality

Comments

@cthulhu-rider
Copy link
Contributor

cthulhu-rider commented Dec 4, 2024
edited
Loading

Is your feature request related to a problem? Please describe.

Client uses insecure grpc scheme when scheme is missing in the address parameter. Port 443 is reserved for http protocol over TLS/SSL. For users, it would be easier if conn scheme defaulted to grpcs for addresses with this port cuz it's easier to forget the scheme than desire to try dial it insecurely

Describe the solution you'd like

when port is 443, make a TLS dial

Describe alternatives you've considered

no

Additional context

nspcc-dev/neo-go#3721
@cthulhu-rider cthulhu-rider added client Issue related to the client discussion Open discussion of some problem feature Completely new functionality labels Dec 4, 2024
@roman-khimov
Copy link
Member

Really questionable. Admins can do all sorts of weird things. You don't know if 443 is TLS or not in any particular scenario. Normally it is. But some can find reasons to do otherwise. Schemes are exactly for that, http/https, grpc/grpcs. If we were talking about the default port when it's not specified, that'd be a different story, there are known good ones to use. But when it's specified without a scheme you have to resort to the default scheme which is not using TLS.

@532910
Copy link

532910 commented Dec 5, 2024

I'd prefer to have 443 as a default: grpcs://st1.storage.fs.neo.org

@cthulhu-rider
Copy link
Contributor Author

cthulhu-rider commented Dec 5, 2024
edited
Loading

Normally it is.

exactly, this is where defaults fit well, which should make life easier in real practice

But some can find reasons to do otherwise.

ofc, but this is much more rare case tbh. For them, it is worth explicitly specifying the scheme

I'd prefer to have 443 as a default: grpcs://st1.storage.fs.neo.org

i like this too. In total, I'd expect following resolution:

  • host:443 -> grpcs://host:443
  • grpcs://host -> grpcs://host:443

this would cover most practical cases and reduce the likelihood of random mistake

i can also agree with @roman-khimov opinion cuz curl does not use HTTPS by default for 443

$ curl 157.90.176.145:443
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>

browsers' behavior vary: Chrome uses HTTPS while Firefox does not

@532910
Copy link

532910 commented Dec 5, 2024

Firefox also uses https by default

@cthulhu-rider
Copy link
Contributor Author

Firefox also uses https by default

yeah, but if hostname is used, ip:443 uses http

@532910
Copy link

532910 commented Dec 6, 2024

indded, I have enabled Enable HTTPS-Only Mode in all windows which is disabled by default

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
client Issue related to the client discussion Open discussion of some problem feature Completely new functionality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@532910 @roman-khimov @cthulhu-rider