Opened 4 months ago

Closed 4 months ago

#30998 closed defect (fixed)

Use HTTP/1.1 in websocket server for compatibility with Firefox and Safari

Reported by: cohosh Owned by: alolra
Priority: High Milestone:
Component: Circumvention/Snowflake Version:
Severity: Normal Keywords: snowflake-webextension
Cc: arlolra, cohosh, phw, dcf Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by cohosh)

Noticed this while testing out some new webextension changes on Firefox.

I get the following errors:

Snowflake: WebRTC DataChannel opened! snowflake.js:1154:13
Firefox can’t establish a connection to the server at wss://snowflake.bamsoftware.com/?client_ip=45.72.156.47. snowflake.js:1090:11
Snowflake: websocket-relay error. snowflake.js:1154:13
Snowflake: websocket-relay closed.

This are reproducible with a clean master branch.

I'm also getting several bootstraps to 10% during my client tests that aren't going through my proxy so I'm guessing others are having the same problem.

Child Tickets

Attachments (1)

0001-Return-HTTP-1.1-since-it-s-required-by-the-RFC.patch (1.6 KB) - added by arlolra 4 months ago.

Download all attachments as: .zip

Change History (16)

comment:1 Changed 4 months ago by cohosh

Server logs show a lot of TLS handshake errors:

2019/06/26 21:44:37 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 21:49:39 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 21:54:42 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 21:59:42 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:04:44 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:09:46 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:14:49 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:19:51 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:24:53 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:29:55 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:34:57 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:39:59 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:45:02 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:50:05 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:55:08 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 23:00:10 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 23:05:13 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 23:10:16 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 23:15:19 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 23:20:22 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 23:25:24 http: TLS handshake error from [scrubbed]: EOF

comment:2 Changed 4 months ago by cohosh

Confirmed that it's not happening with a proxy-go instance I'm running in snowbox (which connects to the same bridge). So it might be an error just with browser-based proxies? Or it happens periodically?

comment:3 Changed 4 months ago by cohosh

Priority: ImmediateHigh

comment:4 Changed 4 months ago by arlolra

Firefox can’t establish a connection to the server ...

So it might be an error just with browser-based proxies?

Did you try with Chrome?

comment:5 in reply to:  4 Changed 4 months ago by cohosh

Priority: HighLow

Replying to arlolra:

Firefox can’t establish a connection to the server ...

So it might be an error just with browser-based proxies?

Did you try with Chrome?

Ah.. it does work in Chrome. Thanks. I'll keep this open to remind us to address the extension bugs in Firefox.

comment:6 Changed 4 months ago by cohosh

Description: modified (diff)
Keywords: snowflake-webextension added
Summary: Some connections to the snowflake bridge from proxies are failingGet Snowflake webextension working on Firefox

comment:7 Changed 4 months ago by arlolra

Note that this doesn't have anything to do with snowflake, per se.

Just doing the following in the console yields the same result,

var WS = new WebSocket("wss://snowflake.bamsoftware.com")

In Safari, the error is reported as,

WebSocket connection to 'wss://snowflake.bamsoftware.com/' failed: Invalid HTTP version string: HTTP/1.0

which points to,
https://gitweb.torproject.org/pluggable-transports/websocket.git/tree/websocket/websocket.go#n313

comment:8 Changed 4 months ago by arlolra

RFC 6455 says,

Interoperability considerations

Use of WebSocket requires use of HTTP version 1.1 or higher.

So, there must be stricter validation added recently.

Guess we need to patch our websocket implementation.

comment:9 Changed 4 months ago by arlolra

Status: newneeds_review

Please see the untested attachment.

No idea if the response is actually conformant with the newer version though, I should look at what the differences are.

comment:10 Changed 4 months ago by gaba

Owner: set to alolra
Status: needs_reviewassigned

comment:11 Changed 4 months ago by arlolra

Priority: LowHigh

comment:12 Changed 4 months ago by arlolra

Please see the untested attachment.

I made a simple server with the example usage,
https://gitweb.torproject.org/pluggable-transports/websocket.git/tree/websocket/websocket.go#n21

Running it before and after applying the patch confirms that it fixes things on Firefox and Safari. By "fixes things", I mean that it's now able to establish a connection as in comment:7

comment:13 Changed 4 months ago by dcf

Status: assignedmerge_ready
Summary: Get Snowflake webextension working on FirefoxUse HTTP/1.1 in websocket server for compatibility with Firefox and Safari

comment:14 Changed 4 months ago by dcf

I merged arlolra's patch and tagged websocket v0.4.0. Do you want to try deploying it?

I guess this is another reason (along with #28726 and #29125) to migrate away from the custom websocket library and use one of the third-party libraries that has emerged since it was written.

comment:15 Changed 4 months ago by arlolra

Resolution: fixed
Status: merge_readyclosed

Do you want to try deploying it?

I'm assuming you mean me.

I followed the survival guide and it seemed to go ok. Some tests with the webextension in Firefox proved fruitful.

I guess this is another reason (along with #28726 and #29125) to migrate away from the custom websocket library and use one of the third-party libraries that has emerged since it was written.

Filed #31028 for that

Note: See TracTickets for help on using tickets.