bpo-40968: Send http/1.1 ALPN extension (#20959)

tiran · web-flow · commit f97406be4c0a · 2020-11-13T16:37:52.000+01:00
Signed-off-by: Christian Heimes &lt;christian@python.org&gt;
diff --git a/Doc/library/http.client.rst b/Doc/library/http.client.rst
@@ -99,6 +99,11 @@ The module provides the following classes:
       :attr:`ssl.SSLContext.post_handshake_auth` for the default *context* or
       when *cert_file* is passed with a custom *context*.
 
+   .. versionchanged:: 3.10
+      This class now sends an ALPN extension with protocol indicator
+      ``http/1.1`` when no *context* is given. Custom *context* should set
+      ALPN protocols with :meth:`~ssl.SSLContext.set_alpn_protocol`.
+
    .. deprecated:: 3.6
 
        *key_file* and *cert_file* are deprecated in favor of *context*.
diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst
@@ -109,6 +109,11 @@ The :mod:`urllib.request` module defines the following functions:
    .. versionchanged:: 3.4.3
       *context* was added.
 
+   .. versionchanged:: 3.10
+      HTTPS connection now send an ALPN extension with protocol indicator
+      ``http/1.1`` when no *context* is given. Custom *context* should set
+      ALPN protocols with :meth:`~ssl.SSLContext.set_alpn_protocol`.
+
    .. deprecated:: 3.6
 
        *cafile*, *capath* and *cadefault* are deprecated in favor of *context*.
diff --git a/Lib/http/client.py b/Lib/http/client.py
@@ -1407,6 +1407,9 @@ def __init__(self, host, port=None, key_file=None, cert_file=None,
             self.cert_file = cert_file
             if context is None:
                 context = ssl._create_default_https_context()
+                # send ALPN extension to indicate HTTP/1.1 protocol
+                if self._http_vsn == 11:
+                    context.set_alpn_protocols(['http/1.1'])
                 # enable PHA for TLS 1.3 connections if available
                 if context.post_handshake_auth is not None:
                     context.post_handshake_auth = True
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
@@ -202,6 +202,8 @@ def urlopen(url, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
         context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH,
                                              cafile=cafile,
                                              capath=capath)
+        # send ALPN extension to indicate HTTP/1.1 protocol
+        context.set_alpn_protocols(['http/1.1'])
         https_handler = HTTPSHandler(context=context)
         opener = build_opener(https_handler)
     elif context:
diff --git a/Misc/NEWS.d/next/Library/2020-06-18-11-35-16.bpo-40968.R8Edbv.rst b/Misc/NEWS.d/next/Library/2020-06-18-11-35-16.bpo-40968.R8Edbv.rst
@@ -0,0 +1,2 @@
+:mod:`urllib.request` and :mod:`http.client` now send ``http/1.1`` ALPN
+extension during TLS handshake when no custom context is supplied.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+:mod:`urllib.request` and :mod:`http.client` now send ``http/1.1`` ALPN
	`2`	`+extension during TLS handshake when no custom context is supplied.`