New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Netty client channel with TLS over proxy does not establish a connection anymore in 1.22.0 and 1.23.0 #6118
Comments
@chris-blacker, do you see any unusual logs related to protocol negotiation? it can help us narrowing down the problem. |
No, I don't have logs. I analyzed it by looking at the traffic to the proxy and using the sources and debugger. How can I enable the logs you need? With grpc netty 1.22.0 I can restore functionality by only rolling back In 1.21.0:
In 1.22.0:
I am speculating that maybe in the refactoring of |
thanks @chris-blacker, the proxy handler during |
@chris-blacker, it would be nice if you can verify this using snapshot build. |
I have tested master with #6159 and the problem is fixed. Thank you very much @creamsoup |
awesome thanks for the verification, @chris-blacker |
A netty grpc channel never establishes a TLS connection to a valid grpc server when using a HTTP proxy. The problem is reproducible in versions 1.23.0 and 1.22.0 but not in 1.21.0 and earlier.
The proxy is configured on the JVM with
-Dhttps.proxyHost
/-Dhttps.proxyPort
.The channel does send http
CONNECT
with the correct destination to the configured proxy but after the proxy responds withHTTP/1.1 200
, instead of starting with the TLS connection the channel simply hangs and does not send any further traffic to the proxy.The issue is caused by changes in
io.grpc.netty.ProtocolNegotiators
. Replacing this file in 1.23.0 with the one from 1.21.0 (with some minor compile fixes) restores the functionality.The text was updated successfully, but these errors were encountered: