
I'm having trouble blocking the use of HTTP/2 in order to force browsers to use HTTP/1 as the protocol inside https. TLS MITM is out of the question, NFQUEUE-like usermode packet filtering may be considered at most, depending on processing overhead.

From reading the ALPN RFC it's not clear if providing an alert response or dropping the connection when I see a ClientHello that contains ALPN:http/2 will make the browser retry without ALPN.

If I understand correctly, modifying the ClientHello is out of the question as it results in a checksum error when the server responds with the ServerHello because changing the ClientHello invalidates the MAC for that packet.

Is the behavior for blocked handshakes w.r.t. ALPN the same as for handling TLS version fallback, i.e. TLS_FALLBACK_SCSV?

EDIT: according to t1_lib.c from openssl, if the server doesn't know about ALPN, it ignores it. So if the server returns Alert for a ClientHello containing ALPN, it's probably only because it doesn't support TLS1.2; there is no way to signal to the client "please retry without ALPN" other than "alert", which results in the client trying TLS1.1.

patraulea
  • What kind of firewall is it? If this is a simple packet filter then you will not succeed in blocking HTTP/2, but I don't see any use for blocking either since you don't inspect the content anyway. If this is a firewall which can inspect SSL traffic it will work as man-in-the-middle and thus might automatically strip the ALPN extension anyway, causing a downgrade to HTTP/1.x. Apart from that I consider this question off-topic here and more on-topic at security.stackexchange.com or serverfault.com. – Steffen Ullrich Nov 08 '17 at 18:42
  • Why do you want to do this? As there may be better alternatives. Also are you talking inbound or outbound connections? – Barry Pollard Nov 08 '17 at 20:56
  • I edited the question to rule out TLS MITM, this is for an outbound firewall. – patraulea Nov 09 '17 at 12:39
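As an added illustration of what an NFQUEUE-style userspace filter would have to do to classify a ClientHello by its ALPN list (example code, not from the question or answer): the block constructs a minimal TLS 1.2 ClientHello and parses the ALPN extension (type 16, RFC 7301) out of it, refusing to guess on truncated or fragmented records.

```python
import struct

ALPN_EXT_TYPE = 16  # RFC 7301 application_layer_protocol_negotiation


def build_client_hello(alpn_protocols):
    """Construct a minimal TLS 1.2 ClientHello record (constructed sample, not a real capture)."""
    ext_data = b"".join(struct.pack("!B", len(p)) + p.encode() for p in alpn_protocols)
    alpn_ext = struct.pack("!HHH", ALPN_EXT_TYPE, len(ext_data) + 2, len(ext_data)) + ext_data
    # an unrelated extension (supported_groups: x25519) placed first, so the parser must skip it
    other_ext = struct.pack("!HH", 0x000A, 4) + b"\x00\x02\x00\x1d"
    extensions = other_ext + alpn_ext
    body = (b"\x03\x03" + b"\x00" * 32                 # client_version, random
            + b"\x00"                                   # empty session_id
            + struct.pack("!H", 2) + b"\xc0\x2f"        # one cipher suite
            + b"\x01\x00"                               # compression: null only
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def client_hello_alpn(record):
    """Return the ALPN protocols offered by a ClientHello record, [] if absent or unparseable."""
    try:
        if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
            return []
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs_len = int.from_bytes(record[6:9], "big")
        if rec_len != hs_len + 4 or len(record) < 9 + hs_len:
            return []   # truncated or fragmented handshake: do not guess
        body = record[9:9 + hs_len]
        pos = 2 + 32                                             # version + random
        pos += 1 + body[pos]                                     # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]     # cipher_suites
        pos += 1 + body[pos]                                     # compression_methods
        if pos + 2 > len(body):
            return []                                            # no extensions block
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            edata = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == ALPN_EXT_TYPE:
                protos, i = [], 2                                # skip ProtocolNameList length
                while i < len(edata):
                    n = edata[i]
                    protos.append(edata[i + 1:i + 1 + n].decode("ascii", "replace"))
                    i += 1 + n
                return protos
        return []
    except (IndexError, struct.error):
        return []


def offers_h2(record):
    """True when the ClientHello advertises HTTP/2 via ALPN."""
    return "h2" in client_hello_alpn(record)
```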

1 Answer


HTTP/2 over TLS is negotiated via ALPN.

Browsers will tell servers that they support it.

If you don't want to use HTTP/2, then you just have to modify the server configuration so that it doesn't have h2 as one of the protocols that it can negotiate via ALPN.

The ALPN negotiation will then fall back to HTTP/1.1 and the client will use HTTP/1.1.

sbordet
  • Easiest way to fix this would be at server config, but I don't control the webservers. I updated the question to make this clear. What's not clear to me is whether http2 or ALPN as a whole can be denied at the (outgoing) firewall, without pushing policies to clients or doing TLS MITM. – patraulea Nov 09 '17 at 12:35