From a5b0f06a7ba08d443b9fb33510192434106e92ea Mon Sep 17 00:00:00 2001 From: donBarbos Date: Wed, 12 Feb 2025 18:21:29 +0400 Subject: [PATCH 1/3] Detect TLS handshake attempt in HTTP server --- Lib/http/server.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Lib/http/server.py b/Lib/http/server.py index a90c8d34c394db..fc5e2429fa1b23 100644 --- a/Lib/http/server.py +++ b/Lib/http/server.py @@ -287,6 +287,15 @@ def parse_request(self): requestline = str(self.raw_requestline, 'iso-8859-1') requestline = requestline.rstrip('\r\n') self.requestline = requestline + + # Detect TLS handshake attempt (common when browser forces HTTPS) + if self.raw_requestline[0] == 0x16: # First TLS handshake bytes + self.requestline = "[TLS handshake bytes]" + self.send_error( + HTTPStatus.BAD_REQUEST, + "Unsupported protocol: HTTPS is not available") + return False + words = requestline.split() if len(words) == 0: return False From 6a7071acb879d4154a0a4033a16e00bf5e607897 Mon Sep 17 00:00:00 2001 From: donBarbos Date: Wed, 12 Feb 2025 18:31:16 +0400 Subject: [PATCH 2/3] Add bluerb entry --- .../next/Library/2025-02-12-18-31-12.gh-issue-109765.QqoBW2.rst | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 Misc/NEWS.d/next/Library/2025-02-12-18-31-12.gh-issue-109765.QqoBW2.rst diff --git a/Misc/NEWS.d/next/Library/2025-02-12-18-31-12.gh-issue-109765.QqoBW2.rst b/Misc/NEWS.d/next/Library/2025-02-12-18-31-12.gh-issue-109765.QqoBW2.rst new file mode 100644 index 00000000000000..95ae9a2afe0267 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2025-02-12-18-31-12.gh-issue-109765.QqoBW2.rst @@ -0,0 +1,2 @@ +Detect TLS handshake attempt in :class:`BaseHTTPRequestHandler` of +:mod:`http.server` module to clear the output. Patch by Semyon Moroz. From 05dd853c3e83c59e75e32a45d004d3659586a3cf Mon Sep 17 00:00:00 2001 From: donBarbos Date: Wed, 12 Feb 2025 18:44:02 +0400 Subject: [PATCH 3/3] Update blurb entry --- .../Library/2025-02-12-18-31-12.gh-issue-109765.QqoBW2.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Misc/NEWS.d/next/Library/2025-02-12-18-31-12.gh-issue-109765.QqoBW2.rst b/Misc/NEWS.d/next/Library/2025-02-12-18-31-12.gh-issue-109765.QqoBW2.rst index 95ae9a2afe0267..4565bd605c077a 100644 --- a/Misc/NEWS.d/next/Library/2025-02-12-18-31-12.gh-issue-109765.QqoBW2.rst +++ b/Misc/NEWS.d/next/Library/2025-02-12-18-31-12.gh-issue-109765.QqoBW2.rst @@ -1,2 +1,2 @@ -Detect TLS handshake attempt in :class:`BaseHTTPRequestHandler` of -:mod:`http.server` module to clear the output. Patch by Semyon Moroz. +Detect TLS handshake attempt in :class:`http.server.BaseHTTPRequestHandler` to +more clear the output. Patch by Semyon Moroz.