diff --git a/mitmproxy/cmdline.py b/mitmproxy/cmdline.py index fedd4f133..3e9fa011c 100644 --- a/mitmproxy/cmdline.py +++ b/mitmproxy/cmdline.py @@ -362,18 +362,14 @@ def proxy_options(parser): action="store", type=int, dest="port", default=8080, help="Proxy service port." ) - http2 = group.add_mutually_exclusive_group() - # !!! - # Watch out: We raise a RuntimeError in mitmproxy.proxy.config if http2 is enabled, - # but the OpenSSL version does not have ALPN support (which is the default on Ubuntu 14.04). - # Do not simply set --http2 as enabled by default. - # !!! - http2.add_argument("--http2", action="store_true", dest="http2") - http2.add_argument("--no-http2", action="store_false", dest="http2", - help="Explicitly enable/disable experimental HTTP2 support. " - "Disabled by default. " - "Default value will change in a future version." - ) + group.add_argument( + "--no-http2", + action="store_false", dest="http2", + help=""" + Explicitly disable HTTP/2 support. + If your OpenSSL version supports ALPN, HTTP/2 is enabled by default. + """ + ) rawtcp = group.add_mutually_exclusive_group() rawtcp.add_argument("--raw-tcp", action="store_true", dest="rawtcp") rawtcp.add_argument("--no-raw-tcp", action="store_false", dest="rawtcp", diff --git a/mitmproxy/console/__init__.py b/mitmproxy/console/__init__.py index e739ec61e..f7e7b0d5a 100644 --- a/mitmproxy/console/__init__.py +++ b/mitmproxy/console/__init__.py @@ -14,6 +14,8 @@ import traceback import urwid import weakref +from netlib import tcp + from .. import controller, flow, script, contentviews from . import flowlist, flowview, help, window, signals, options from . import grideditor, palettes, statusbar, palettepicker @@ -452,6 +454,7 @@ class ConsoleMaster(flow.FlowMaster): signals.update_settings.send() self.loop.set_alarm_in(0.01, self.ticker) + def run(self): self.ui = urwid.raw_display.Screen() self.ui.set_terminal_properties(256) @@ -481,6 +484,14 @@ class ConsoleMaster(flow.FlowMaster): sys.exit(1) self.loop.set_alarm_in(0.01, self.ticker) + if self.server.config.http2 and not tcp.HAS_ALPN: # pragma: no cover + def http2err(*args, **kwargs): + signals.status_message.send( + message = "HTTP/2 disabled - OpenSSL 1.0.2+ required." + " Use --no-http2 to silence this warning.", + expire=5 + ) + self.loop.set_alarm_in(0.01, http2err) # It's not clear why we need to handle this explicitly - without this, # mitmproxy hangs on keyboard interrupt. Remove if we ever figure it diff --git a/mitmproxy/dump.py b/mitmproxy/dump.py index 6dab2ddce..d7f076cfd 100644 --- a/mitmproxy/dump.py +++ b/mitmproxy/dump.py @@ -1,9 +1,10 @@ from __future__ import absolute_import, print_function import traceback - +import sys import click import itertools +from netlib import tcp from netlib.http import CONTENT_MISSING import netlib.utils from . import flow, filt, contentviews @@ -72,6 +73,11 @@ class DumpMaster(flow.FlowMaster): self.set_stream_large_bodies(options.stream_large_bodies) + if self.server.config.http2 and not tcp.HAS_ALPN: # pragma: no cover + print("ALPN support missing (OpenSSL 1.0.2+ required)!\n" + "HTTP/2 is disabled. Use --no-http2 to silence this warning.", + file=sys.stderr) + if options.filtstr: self.filt = filt.parse(options.filtstr) else: diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py index a635ab19e..490cf20c9 100644 --- a/mitmproxy/proxy/config.py +++ b/mitmproxy/proxy/config.py @@ -56,7 +56,7 @@ class ProxyConfig: authenticator=None, ignore_hosts=tuple(), tcp_hosts=tuple(), - http2=False, + http2=True, rawtcp=False, ciphers_client=DEFAULT_CLIENT_CIPHERS, ciphers_server=None, @@ -180,9 +180,6 @@ def process_proxy_options(parser, options): parser.error("Certificate file does not exist: %s" % parts[1]) certs.append(parts) - if options.http2 and not tcp.HAS_ALPN: - raise RuntimeError("HTTP2 support requires OpenSSL 1.0.2 or above.") - return ProxyConfig( host=options.addr, port=options.port,