Opened 3 months ago

Last modified 6 weeks ago

#1397 new defect

HTTP/2 broken in popular Android libraries with nginx v. 1.13.6

Reported by: serguei.ivantsov@… Owned by:
Priority: critical Milestone: 1.13
Component: nginx-core Version: 1.13.x
Keywords: Cc:
Sensitive: no
uname -a: Linux some.domain.com 4.13.3-xn #1 SMP Thu Sep 21 18:31:01 EEST 2017 x86_64 Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz GenuineIntel GNU/Linux
nginx -V: nginx version: nginx/1.13.6 built with OpenSSL 1.0.2l 25 May 2017 TLS SNI support enabled configure arguments: --prefix=/usr --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --with-cc-opt='-I/usr/include -DNGX_HAVE_INET6=0' --with-ld-opt=-L/usr/lib64 --http-log-path=/var/log/nginx/access_log --http-client-body-temp-path=/var/lib/nginx/tmp/client --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --with-compat --with-file-aio --with-http_v2_module --with-pcre --with-threads --without-http_memcached_module --without-http_scgi_module --without-http_ssi_module --without-http_split_clients_module --without-http_upstream_hash_module --without-http_upstream_ip_hash_module --without-http_upstream_keepalive_module --without-http_upstream_least_conn_module --without-http_userid_module --without-http_uwsgi_module --with-http_geoip_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_realip_module --with-http_ssl_module --without-stream_access_module --without-stream_geo_module --without-stream_limit_conn_module --without-stream_map_module --without-stream_return_module --without-stream_split_clients_module --without-stream_upstream_hash_module --without-stream_upstream_least_conn_module --without-stream_upstream_zone_module --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --user=nginx --group=nginx

Description

Both Retrofit and OkHttp? affected.
On the client, error is:
java.net.ProtocolException?: Expected ':status' header not present

https://stackoverflow.com/questions/46807237/protocolexception-expected-status-header-not-present

Change History (10)

comment:1 Changed 3 months ago by vbart

Could you try to revert this change and test?

comment:2 Changed 3 months ago by serguei.ivantsov@…

The lib (OkHttp?) is working again if revert that change.

Last edited 3 months ago by serguei.ivantsov@… (previous) (diff)

comment:3 Changed 3 months ago by mdounin

Ok, so it looks like the lib is not able to handle Dynamic Table Size updates. This looks like a bug in the library to me. We may consider introducing a workaround in nginx, though I'm not sure it makes sense. A better solution would be to fix the library.

comment:4 Changed 3 months ago by vbart

Can you confirm, that you don't use any 3rd-party patches as well?

comment:5 Changed 3 months ago by serguei.ivantsov@…

It is vanilla library, though it might be not the latest version. I need to ask developers of the affected app.
I've checked sources at GitHub?
https://github.com/square/okhttp/blob/master/okhttp/src/main/java/okhttp3/internal/http2/Hpack.java
And appears they have above mentioned "dynamic table" support.

comment:6 Changed 3 months ago by vbart

I asked mostly about nginx. There are known patches for nginx that can break HTTP/2 functionality.

comment:7 Changed 3 months ago by serguei.ivantsov@…

It is a version from Gentoo repository. Let me check if they apply patches.

comment:8 Changed 3 months ago by serguei.ivantsov@…

Well, updating to the latest version of the libraries resolves this issue.
It is not a bug of nginx, but looks like this new feature affects a lot of old software.

comment:9 Changed 6 weeks ago by mdounin

See also #1441.

comment:10 Changed 6 weeks ago by qiqizjl@…

Hello, we also encountered this problem. In addition to downgrading nginx and upgrade okhttp, what other solutions now?

Note: See TracTickets for help on using tickets.