diff --git a/include/iocore/net/TLSBasicSupport.h b/include/iocore/net/TLSBasicSupport.h
index a0b17bae3d9..0256141dade 100644
--- a/include/iocore/net/TLSBasicSupport.h
+++ b/include/iocore/net/TLSBasicSupport.h
@@ -44,6 +44,7 @@ class TLSBasicSupport
 static void unbind(SSL *ssl);
 TLSHandle get_tls_handle() const;
+ int get_tls_version() const;
 const char *get_tls_protocol_name() const;
 const char *get_tls_cipher_suite() const;
 const char *get_tls_curve() const;
diff --git a/include/proxy/http/Http1ClientSession.h b/include/proxy/http/Http1ClientSession.h
index 7d808cc0214..1164779d1cb 100644
--- a/include/proxy/http/Http1ClientSession.h
+++ b/include/proxy/http/Http1ClientSession.h
@@ -64,7 +64,6 @@ class Http1ClientSession : public ProxySession
 void do_io_close(int lerrno = -1) override;
 // Accessor Methods
- bool allow_half_open() const;
 void set_half_close_flag(bool flag) override;
 bool get_half_close_flag() const override;
 int get_transact_count() const override;
diff --git a/include/proxy/http/Http1ClientTransaction.h b/include/proxy/http/Http1ClientTransaction.h
index 3fd9db4410e..e911b299827 100644
--- a/include/proxy/http/Http1ClientTransaction.h
+++ b/include/proxy/http/Http1ClientTransaction.h
@@ -37,7 +37,6 @@ class Http1ClientTransaction : public Http1Transaction
 // Methods
 void release() override;
- bool allow_half_open() const override;
 void transaction_done() override;
 void increment_transactions_stat() override;
 void decrement_transactions_stat() override;
diff --git a/src/iocore/net/TLSBasicSupport.cc b/src/iocore/net/TLSBasicSupport.cc
index 17adaa42dd3..df8eba4faa1 100644
--- a/src/iocore/net/TLSBasicSupport.cc
+++ b/src/iocore/net/TLSBasicSupport.cc
@@ -79,6 +79,17 @@ TLSBasicSupport::get_tls_handle() const
 return this->_get_ssl_object();
 }
+int
+TLSBasicSupport::get_tls_version() const
+{
+ auto ssl = this->_get_ssl_object();
+ if (ssl) {
+ return SSL_version(ssl);
+ } else {
+ return 0;
+ }
+}
+
 const char *
 TLSBasicSupport::get_tls_protocol_name() const
 {
diff --git a/src/proxy/ProxyTransaction.cc b/src/proxy/ProxyTransaction.cc
index 3d0bea20086..fa65e987a32 100644
--- a/src/proxy/ProxyTransaction.cc
+++ b/src/proxy/ProxyTransaction.cc
@@ -272,6 +272,19 @@ ProxyTransaction::set_expect_receive_trailer()
 bool
 ProxyTransaction::allow_half_open() const
 {
+ bool config_allows_it = (_sm) ? _sm->t_state.txn_conf->allow_half_open > 0 : true;
+ if (config_allows_it) {
+ // Check with the session to make sure the underlying transport allows the half open scenario
+ if (auto vc = this->get_netvc(); vc != nullptr) {
+ if (auto tbs = vc->get_service(); tbs != nullptr) {
+ if (tbs->get_tls_version() == TLS1_3_VERSION) {
+ return true;
+ }
+ } else {
+ return true;
+ }
+ }
+ }
 return false;
 }
diff --git a/src/proxy/http/Http1ClientSession.cc b/src/proxy/http/Http1ClientSession.cc
index 4a9cdcb5145..c76a6c5548a 100644
--- a/src/proxy/http/Http1ClientSession.cc
+++ b/src/proxy/http/Http1ClientSession.cc
@@ -540,13 +540,6 @@ Http1ClientSession::start()
 this->release(&trans);
 }
-bool
-Http1ClientSession::allow_half_open() const
-{
- // Only allow half open connections if the not over TLS
- return (_vc && _vc->get_service() == nullptr);
-}
-
 void
 Http1ClientSession::set_half_close_flag(bool flag)
 {
diff --git a/src/proxy/http/Http1ClientTransaction.cc b/src/proxy/http/Http1ClientTransaction.cc
index 2e3672f5fbc..55c75152f75 100644
--- a/src/proxy/http/Http1ClientTransaction.cc
+++ b/src/proxy/http/Http1ClientTransaction.cc
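Review bot: `TLSBasicSupport::get_tls_version()` in src/iocore/net/TLSBasicSupport.cc returns 0 when `_get_ssl_object()` yields no SSL object, but neither this definition nor the declaration added to TLSBasicSupport.h documents that sentinel or what the non-zero values mean. A comment on the declaration such as `// Protocol version as reported by SSL_version() (e.g. TLS1_3_VERSION), or 0 when no SSL object is bound` would make the contract explicit for callers that gate behaviour on it, as the new `ProxyTransaction::allow_half_open()` does. OpenSSL's man page describes its version queries as reliable only once the initial handshake has completed, so the comment should probably carry that precondition too. The `else` after `return SSL_version(ssl);` is redundant and can be dropped.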
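Review bot: In src/proxy/ProxyTransaction.cc the base-class `ProxyTransaction::allow_half_open()` changes from an unconditional `return false;` to returning true whenever the config allows it and the transport is plaintext or TLS 1.3, so any ProxyTransaction subclass that does not override the method now inherits half-open behaviour. The diff only shows the Http1 override being removed, so whether other transaction types (HTTP/2 streams, for example) are affected cannot be confirmed from here and should be checked. The deleted comment `// Only allow half open connections if the not over TLS` recorded why TLS was excluded, and the new `tbs->get_tls_version() == TLS1_3_VERSION` test has no equivalent; something like `// TLS 1.3 lets a peer send close_notify and keep reading; earlier versions require an immediate close_notify in response, so half-open is only valid on plaintext or TLS 1.3` would keep the rationale beside the check. The exact-equality comparison fails closed for a version of 0 (no SSL object) or any other value, which looks intended but is worth stating in that comment. Because a client can now half-close a TLS 1.3 connection and keep it alive, it is also worth confirming that inactivity timeouts still bound such connections.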
@@ -45,17 +45,6 @@ Http1ClientTransaction::transaction_done()
 }
 }
-bool
-Http1ClientTransaction::allow_half_open() const
-{
- bool config_allows_it = (_sm) ? _sm->t_state.txn_conf->allow_half_open > 0 : true;
- if (config_allows_it) {
- // Check with the session to make sure the underlying transport allows the half open scenario
- return static_cast(_proxy_ssn)->allow_half_open();
- }
- return false;
-}
-
 void
 Http1ClientTransaction::increment_transactions_stat()
 {