diff options
Diffstat (limited to 'src/net')
| -rw-r--r-- | src/net/http/server.go | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/src/net/http/server.go b/src/net/http/server.go index 82abdd388e..6e1ccff4cd 100644 --- a/src/net/http/server.go +++ b/src/net/http/server.go @@ -1782,11 +1782,9 @@ func (c *conn) serve(ctx context.Context) { c.rwc.SetWriteDeadline(time.Now().Add(d)) } if err := tlsConn.Handshake(); err != nil { - // If the handshake failed, one reason might be a - // misconfigured client sending an HTTP request. If so, reach - // into the *tls.Conn unexported fields in a gross way so we - // can reply on the plaintext connection. At least there's a - // test that'll break if we rearrange the *tls.Conn struct. + // If the handshake failed due to the client not speaking + // TLS, assume they're speaking plaintext HTTP and write a + // 400 response on the TLS conn's underlying net.Conn. if re, ok := err.(tls.RecordHeaderError); ok && re.Conn != nil && tlsRecordHeaderLooksLikeHTTP(re.RecordHeader) { io.WriteString(re.Conn, "HTTP/1.0 400 Bad Request\r\n\r\nClient sent an HTTP request to an HTTPS server.\n") re.Conn.Close() |