bpo-40968: Send http/1.1 ALPN extension (#20959)

Signed-off-by: Christian Heimes <christian@python.org>

diff --git a/Doc/library/http.client.rst b/Doc/library/http.client.rst
index 35997db2a9d27d29ac61e7f5ec78614c5bcb13fd..56f4c0a0d772f49904512510b674e5a856061186 100644 (file)
--- a/Doc/library/http.client.rst
+++ b/Doc/library/http.client.rst
@@ -99,6 +99,11 @@ The module provides the following classes:
       :attr:`ssl.SSLContext.post_handshake_auth` for the default *context* or
       when *cert_file* is passed with a custom *context*.
 
+   .. versionchanged:: 3.10
+      This class now sends an ALPN extension with protocol indicator
+      ``http/1.1`` when no *context* is given. Custom *context* should set
+      ALPN protocols with :meth:`~ssl.SSLContext.set_alpn_protocol`.
+
    .. deprecated:: 3.6
 
        *key_file* and *cert_file* are deprecated in favor of *context*.

diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst
index b37f230feb6015324b7d8962e23ad7bd6b130b29..b4435a62ad43d991971e372f79c2ec2d3b02910c 100644 (file)
--- a/Doc/library/urllib.request.rst
+++ b/Doc/library/urllib.request.rst
@@ -109,6 +109,11 @@ The :mod:`urllib.request` module defines the following functions:
    .. versionchanged:: 3.4.3
       *context* was added.
 
+   .. versionchanged:: 3.10
+      HTTPS connection now send an ALPN extension with protocol indicator
+      ``http/1.1`` when no *context* is given. Custom *context* should set
+      ALPN protocols with :meth:`~ssl.SSLContext.set_alpn_protocol`.
+
    .. deprecated:: 3.6
 
        *cafile*, *capath* and *cadefault* are deprecated in favor of *context*.

diff --git a/Lib/http/client.py b/Lib/http/client.py
index 15abcfeada5915c8db7228515689385650b1d6fc..a54679cf84d18a3f5db07b1c99722663e23ec78c 100644 (file)
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@@ -1407,6 +1407,9 @@ else:
             self.cert_file = cert_file
             if context is None:
                 context = ssl._create_default_https_context()
+                # send ALPN extension to indicate HTTP/1.1 protocol
+                if self._http_vsn == 11:
+                    context.set_alpn_protocols(['http/1.1'])
                 # enable PHA for TLS 1.3 connections if available
                 if context.post_handshake_auth is not None:
                     context.post_handshake_auth = True

diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
index a8c870b9778eba34b1c5b1d7524252a7ee5e8d8c..39974d975ee1e0fe87cfbe401302befc7c0e9e96 100644 (file)
--- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py
@@ -202,6 +202,8 @@ def urlopen(url, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
         context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH,
                                              cafile=cafile,
                                              capath=capath)
+        # send ALPN extension to indicate HTTP/1.1 protocol
+        context.set_alpn_protocols(['http/1.1'])
         https_handler = HTTPSHandler(context=context)
         opener = build_opener(https_handler)
     elif context:

diff --git a/Misc/NEWS.d/next/Library/2020-06-18-11-35-16.bpo-40968.R8Edbv.rst b/Misc/NEWS.d/next/Library/2020-06-18-11-35-16.bpo-40968.R8Edbv.rst
new file mode 100644 (file)
index 0000000..6bcbaaa
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-06-18-11-35-16.bpo-40968.R8Edbv.rst
@@ -0,0 +1,2 @@
+:mod:`urllib.request` and :mod:`http.client` now send ``http/1.1`` ALPN
+extension during TLS handshake when no custom context is supplied.