Go1.22 #4722
Go1.22 #4722
Conversation
|
Thanks for the PR. It is a great work. There are a few points here to mention:
|
| @@ -108,7 +108,7 @@ func main() { | |||
| logConn := flag.Bool("log_conn", false, "log incoming/outgoing connections") | |||
| maxConnPerIP := flag.Int("max_conn_per_ip", 10, "max connections number for same ip") | |||
| forceReachabilityPublic := flag.Bool("force_public", false, "forcing the local node to believe it is reachable externally") | |||
| noTransportSecurity := flag.Bool("no_transport_security", false, "disable TLS encrypted transport") | |||
| noTransportSecurity := flag.Bool("no_transport_security", true, "disable TLS encrypted transport") | |||
There was a problem hiding this comment.
It seems it disables transport security without proper discussion and a finalized decision from the team. Have we checked the compatibility of nodes with disabled security with the current mainnet nodes? We have to ensure they can communicate properly to avoid any network issues. Also it would be good to provide us with a few references that shows this change helps.
There was a problem hiding this comment.
Our inputs:
- mainnet network
- Default value for the release 2024.1.0 is
"NoTransportSecurity": false, thus"NoTransportSecurity": truecases is out of scope - If mixing all possible combinations together we will end up in 16(!) possible cases on the communication between bootnode and Harmony node, but if we remove out of scope cases the number is decreasing to 9.
- the next step will be to try enable security via
"NoTransportSecurity": falseon the bootnode 1.22 and test 3 cases
| Bootnode1.22 Node "NoTransportSecurity": true | Bootnode1.22 Node "NoTransportSecurity": false | Bootnode1.19 Node "NoTransportSecurity": true | Bootnode1.19 Node "NoTransportSecurity": false | |
|---|---|---|---|---|
| Harmony 1.19 Node "NoTransportSecurity": true | Out of scope | Out of scope | Out of scope | Out of scope |
| Harmony 1.19 Node "NoTransportSecurity": false | OK | OK | Out of scope | OK |
| Harmony 1.22 Node "NoTransportSecurity": true | FAILED | FAILED | Out of scope | FAILED |
| Harmony 1.22 Node "NoTransportSecurity": false | OK | OK | Out of scope | OK |
There was a problem hiding this comment.
the same test on the devnet have given me inverted results:
| Bootnode1.22 Node "NoTransportSecurity": true | Bootnode1.22 Node "NoTransportSecurity": false | Bootnode1.19 Node "NoTransportSecurity": true | Bootnode1.19 Node "NoTransportSecurity": false | |
|---|---|---|---|---|
| Harmony 1.22 Node "NoTransportSecurity": true | OK | OK | Out of scope | OK |
| Harmony 1.22 Node "NoTransportSecurity": false | FAILED | FAILED | Out of scope | FAILED |
What can it be? Some OS diff? OpenSSL versions diff(both envs are using openssl(3.0.1 and 1.0.1) with TLS 1.3 enabled)?
There was a problem hiding this comment.
Great tests, thanks
There was a problem hiding this comment.
the same test on the devnet have given me inverted results:
just check two devnet normal node and they had "NoTransportSecurity": true, Node might have received the list of peers in the network but couldn't connect to any of the node
based on test above:
- NoTransportSecurity is not preventing bootnode and normal node to exchange the peers
- the non bootnode node in the network need to match their settings
NoTransportSecurity
There was a problem hiding this comment.
Results of canary tests all nodes have NoTransportSecurity: false:
- RPC node 1.22 + Bootnode 1.22 ✅
- RPC node 1.22 + Bootnode 1.19 ✅
- RPC 1.19 + Bootnode 1.22 ✅
- RPC node 1.22(95.217.207.240 aka mhe-explorers1-02) + traffic ✅
- s1 validator 1.22 ✅
- s0 validator 1.22 ✅
|
check this one #4736 |
Golang version 1.22