Opened 3 weeks ago

Closed 3 weeks ago

#30998 closed defect (fixed)

Use HTTP/1.1 in websocket server for compatibility with Firefox and Safari

Reported by: cohosh Owned by: alolra
Priority: High Milestone:
Component: Circumvention/Snowflake Version:
Severity: Normal Keywords: snowflake-webextension
Cc: arlolra, cohosh, phw, dcf Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by cohosh)

Noticed this while testing out some new webextension changes on Firefox.

I get the following errors:

Snowflake: WebRTC DataChannel opened! snowflake.js:1154:13
Firefox can’t establish a connection to the server at wss://snowflake.bamsoftware.com/?client_ip=45.72.156.47. snowflake.js:1090:11
Snowflake: websocket-relay error. snowflake.js:1154:13
Snowflake: websocket-relay closed.

This are reproducible with a clean master branch.

I'm also getting several bootstraps to 10% during my client tests that aren't going through my proxy so I'm guessing others are having the same problem.

Child Tickets

Attachments (1)

0001-Return-HTTP-1.1-since-it-s-required-by-the-RFC.patch (1.6 KB) - added by arlolra 3 weeks ago.

Download all attachments as: .zip

Change History (16)

comment:1 Changed 3 weeks ago by cohosh

Server logs show a lot of TLS handshake errors:

2019/06/26 21:44:37 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 21:49:39 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 21:54:42 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 21:59:42 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:04:44 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:09:46 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:14:49 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:19:51 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:24:53 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:29:55 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:34:57 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:39:59 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:45:02 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:50:05 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 22:55:08 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 23:00:10 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 23:05:13 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 23:10:16 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 23:15:19 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 23:20:22 http: TLS handshake error from [scrubbed]: EOF
2019/06/26 23:25:24 http: TLS handshake error from [scrubbed]: EOF

comment:2 Changed 3 weeks ago by cohosh

Confirmed that it's not happening with a proxy-go instance I'm running in snowbox (which connects to the same bridge). So it might be an error just with browser-based proxies? Or it happens periodically?

comment:3 Changed 3 weeks ago by cohosh

Priority: ImmediateHigh

comment:4 Changed 3 weeks ago by arlolra

Firefox can’t establish a connection to the server ...

So it might be an error just with browser-based proxies?

Did you try with Chrome?

comment:5 in reply to:  4 Changed 3 weeks ago by cohosh

Priority: HighLow

Replying to arlolra:

Firefox can’t establish a connection to the server ...

So it might be an error just with browser-based proxies?

Did you try with Chrome?

Ah.. it does work in Chrome. Thanks. I'll keep this open to remind us to address the extension bugs in Firefox.

comment:6 Changed 3 weeks ago by cohosh

Description: modified (diff)
Keywords: snowflake-webextension added
Summary: Some connections to the snowflake bridge from proxies are failingGet Snowflake webextension working on Firefox

comment:7 Changed 3 weeks ago by arlolra

Note that this doesn't have anything to do with snowflake, per se.

Just doing the following in the console yields the same result,

var WS = new WebSocket("wss://snowflake.bamsoftware.com")

In Safari, the error is reported as,

WebSocket connection to 'wss://snowflake.bamsoftware.com/' failed: Invalid HTTP version string: HTTP/1.0

which points to,
https://gitweb.torproject.org/pluggable-transports/websocket.git/tree/websocket/websocket.go#n313

comment:8 Changed 3 weeks ago by arlolra

RFC 6455 says,

Interoperability considerations

Use of WebSocket requires use of HTTP version 1.1 or higher.

So, there must be stricter validation added recently.

Guess we need to patch our websocket implementation.

comment:9 Changed 3 weeks ago by arlolra

Status: newneeds_review

Please see the untested attachment.

No idea if the response is actually conformant with the newer version though, I should look at what the differences are.

comment:10 Changed 3 weeks ago by gaba

Owner: set to alolra
Status: needs_reviewassigned

comment:11 Changed 3 weeks ago by arlolra

Priority: LowHigh

comment:12 Changed 3 weeks ago by arlolra

Please see the untested attachment.

I made a simple server with the example usage,
https://gitweb.torproject.org/pluggable-transports/websocket.git/tree/websocket/websocket.go#n21

Running it before and after applying the patch confirms that it fixes things on Firefox and Safari. By "fixes things", I mean that it's now able to establish a connection as in comment:7

comment:13 Changed 3 weeks ago by dcf

Status: assignedmerge_ready
Summary: Get Snowflake webextension working on FirefoxUse HTTP/1.1 in websocket server for compatibility with Firefox and Safari

comment:14 Changed 3 weeks ago by dcf

I merged arlolra's patch and tagged websocket v0.4.0. Do you want to try deploying it?

I guess this is another reason (along with #28726 and #29125) to migrate away from the custom websocket library and use one of the third-party libraries that has emerged since it was written.

comment:15 Changed 3 weeks ago by arlolra

Resolution: fixed
Status: merge_readyclosed

Do you want to try deploying it?

I'm assuming you mean me.

I followed the survival guide and it seemed to go ok. Some tests with the webextension in Firefox proved fruitful.

I guess this is another reason (along with #28726 and #29125) to migrate away from the custom websocket library and use one of the third-party libraries that has emerged since it was written.

Filed #31028 for that

Note: See TracTickets for help on using tickets.