Document and test default ALPN failure behavior config

DerGuteMoritz · DerGuteMoritz · commit 20b9e142ea7a · 2024-06-18T16:35:13.000+02:00
diff --git a/src/aleph/netty.clj b/src/aleph/netty.clj
@@ -938,7 +938,16 @@
       "Creates a default config for Application-Layer Protocol Negotiation (ALPN),
        which TLS uses to negotiate which HTTP version to use during the handshake.
 
-       Takes a vector of HTTP versions, in order of preference. E.g., `[:http2 :http1]`"
+       Takes a vector of HTTP versions, in order of preference. E.g., `[:http2 :http1]`
+
+       Note that the returned config uses `SelectorFailureBehavior.NO_ADVERTISE`[1] and
+       `SelectedListenerFailureBehavior.ACCEPT`[2] since these are the only failure behaviors
+       supported by all SSL providers. See their documentation for details. One important
+       consequence of this is that it's not possible to completely opt out of HTTP/1.1 by way of
+       only specifying `[:http2]`.
+
+       1: https://netty.io/4.1/api/io/netty/handler/ssl/ApplicationProtocolConfig.SelectorFailureBehavior.html#NO_ADVERTISE
+       2: https://netty.io/4.1/api/io/netty/handler/ssl/ApplicationProtocolConfig.SelectedListenerFailureBehavior.html#ACCEPT"
       ^ApplicationProtocolConfig
       [protocols]
       (ApplicationProtocolConfig.
diff --git a/test/aleph/http_test.clj b/test/aleph/http_test.clj
@@ -1619,6 +1619,27 @@
           (is (instance? IllegalArgumentException result))
           (is (= "force-h2c? may only be true when HTTP/2 is enabled." (ex-message result))))))))
 
+(deftest http2-only-client-connecting-to-http1-only-server
+  (testing "No ALPN config, desiring only HTTP/2 but the server only allows HTTP/1"
+    (with-http1-server echo-handler http1-ssl-server-options
+      (with-redefs [*use-tls-requests* true]
+        (let [result (try-request-with-pool
+                      {:connection-options
+                       {:http-versions [:http2]
+                        :ssl-context test-ssl/client-ssl-context-opts}})]
+          (is (= :success result) "succeeds due to the default failure behaviors (see docstring of `application-protocol-config`)"))))))
+
+
+(deftest http1-only-client-connecting-to-http2-only-server
+  (testing "No ALPN config, desiring only HTTP/1.1 but the server only allows HTTP/2"
+    (with-http2-server echo-handler {}
+      (with-redefs [*use-tls-requests* true]
+        (let [result (try-request-with-pool
+                      {:connection-options
+                       {:http-versions [:http1]
+                        :ssl-context test-ssl/client-ssl-context-opts}})]
+          (is (= :success result) "succeeds due to the default failure behaviors (see docstring of `application-protocol-config`)"))))))
+
 
 (deftest test-in-flight-request-cancellation
   (let [conn-established (promise)
