> > Excellent, then please make it behave exactly the same way with
> > IPv4-only addresses. Why is FF not following the same logic if all IPs
> > are strictly IPv4?
>
> It does. Or perhaps I should say it should, if you indeed can reproduce a
> scenario where it doesn't. IP version is not relevant for this context. IP
> address overlap is.

No, it doesn't. If all 3 IP addresses are v4 addresses, FF is not
re-using IP_ADDR_2 in a similar scenario.

Let's look carefully at RFC 7540, Section 9.1.1 (Connection Reuse):

"A connection can be reused as long as the origin server
is authoritative (Section 10.1). For TCP connections without TLS,
this depends on the host having resolved to the same IP address."

Forget about TLS for the moment. FF will NOT reuse an existing connection
for a regular HTTP connection. Why?

Because it would be wrong behaviour and would definitely lead to very easy
MITM attacks. Or do you think FF _should_ reuse the existing connection in
this case as well?

"For "https" resources, connection reuse ADDITIONALLY depends on
having a certificate that is valid for the host in the URI."

As you can see, the RFC clearly states that a valid certificate is an
ADDITIONAL condition. In other words, only if an existing connection CAN be
reused for HTTP should you then check the additional requirement: the
certificate should be valid.

I.e., there is a chance that a connection which is good to be reused for
HTTP will not be suitable for HTTPS. But not the opposite.

In the case of FF, what happens is exactly the opposite: FF will not reuse
the connection for HTTP, but believes it's good for HTTPS.
_______________________________________________
dev-tech-network mailing list
https://lists.mozilla.org/listinfo/dev-tech-network
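
The ordering argued for in the message above, as an added example (not part of the original thread and not Firefox's code): the IP condition from RFC 7540 Section 9.1.1 is checked for both schemes, and the certificate check is applied only in addition for https. `Connection`, `cert_covers`, `may_reuse` and all hosts and addresses are constructed for illustration; "same IP" is assumed to mean that the connection's peer address appears in the new host's DNS answer.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Connection:
    scheme: str             # "http" or "https"
    peer_ip: str            # address the socket is actually connected to
    cert_names: tuple = ()  # dNSName SAN entries of the server certificate

def cert_covers(host, cert_names):
    """Exact match, or one left-most wildcard label (*.example.com)."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        # A wildcard stands for exactly one label, never for several or none.
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False

def may_reuse(conn, scheme, host, resolved_ips):
    """Return (decision, reason) for sending scheme://host on conn."""
    if scheme != conn.scheme:
        return False, "scheme mismatch"
    # Base condition for http and https alike. ip_address() normalises the
    # textual form, so the check is the same for IPv4 and IPv6.
    peer = ip_address(conn.peer_ip)
    if peer not in {ip_address(a) for a in resolved_ips}:
        return False, "host did not resolve to the connection's IP"
    # Additional condition, https only.
    if scheme == "https" and not cert_covers(host, conn.cert_names):
        return False, "certificate not valid for host"
    return True, "ok"

# Constructed sample connections (documentation address ranges).
TLS_CONN = Connection("https", "192.0.2.10",
                      ("www.example.com", "*.cdn.example.com"))
PLAIN_CONN = Connection("http", "2001:db8::1")

if __name__ == "__main__":
    for conn, host, ips in [
        (TLS_CONN, "img.cdn.example.com", ["192.0.2.10", "192.0.2.11"]),
        (TLS_CONN, "img.cdn.example.com", ["192.0.2.99"]),  # cert fits, IP does not
        (TLS_CONN, "other.example.net", ["192.0.2.10"]),    # IP fits, cert does not
        (PLAIN_CONN, "a.example.org", ["2001:0db8:0:0:0:0:0:1"]),
    ]:
        print(host, ips, "->", may_reuse(conn, conn.scheme, host, ips))
```

Under this reading, the second case (certificate covers the host, but DNS gave a different address) is refused for https for the same reason it would be refused for http.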