Support secure channels through SSL/TLS

[mnito]

grpclib does not currently work with secure gRPC channels through HTTPS which we needed for our use case at Slyce -- this pull request uses hyper-h2's SSL context setup to create a secure channel if a secure keyword argument is provided when instantiating the channel.

[vmagamedov]

Thanks!

[vmagamedov]

There is no need to use ALPN/NPN to negotiate about protocols, in gRPC only h2 is used with prior knowledge: https://python-hyper.org/projects/h2/en/stable/negotiating-http2.html#prior-knowledge

[mnito]

Is there a significant performance hit or disadvantage to negotiating? Our server requires negotiating and it seems friendlier to set these by default than requiring passing a custom context in situations where negotiating is required.

[vmagamedov]

create_default_context already disables OP_NO_SSLv2, OP_NO_SSLv3 and OP_NO_COMPRESSION: https://github.com/python/cpython/blob/3.5/Lib/ssl.py#L438

[vmagamedov]

It would be more flexible to have ssl: Union[bool, SSLContext]=False argument instead of secure: bool=False, so users will be able to provide any SSLContext they want for their case. If ssl==True, we create default context.

[vmagamedov]

Possibility of ImportError, if ssl module is unavailable. How to fix:

• https://github.com/aio-libs/aiohttp/blob/3.3/aiohttp/connector.py#L30
• https://github.com/aio-libs/aiohttp/blob/3.3/aiohttp/connector.py#L789

[vmagamedov]

See above

[vmagamedov]

I think that it is too early to create additional module just for this function, which will be used only in one place. You can place it in utils.py or in client.py or directly in the Channel class as private method or in Channel.__init__ method in-place. And I think that there is no need to copy-paste whole function as is with full copyright notice, I think that this code is provided as documentation for reference and it is OK to use it's parts just with a link, pointing to the hyper-h2 project.

[vmagamedov]

And please ensure that :scheme -> https is used for requests over secure connections.

[vmagamedov]

@mnito, will you have a time to finish this PR? Or maybe I can do this for you?

[mnito]

Hey @vmagamedov, sorry I haven't gotten to this -- I have some time right now to make the requested changes.

[mnito]

Hey @vmagamedov I made the requested changes and tested with both SSL-enabled and non-SSL-enabled servers. I left the protocol negotiation stuff in because we never had any problems using grpcio with our server and communication did not work without it. If the cost outweighs the benefits of leaving it in, feel free to take it out and we can always pass in a custom SSL context -- but I figured it would be a friendlier default.

[mnito]

Made a mistake in handling the potential SSL import error -- updated.

[vmagamedov]

I'm almost ready to merge, will wait for your feedback about advertised protocols list.

[vmagamedov]

I'm totally Ok with this, I don't worry about possible overhead, as this happens only once for a long-living connection. The only concern is that I don't think that we should advertise http/1.1 protocol support here. Can you remove it from the list and test with your server?

[mnito]

Yeah you're probably right -- let me just do a quick test with our server

[vmagamedov]

Maybe just if ssl is True:?

[mnito]

Doh - yeah

[mnito]

Should be good to go.

[vmagamedov]

Everything looks great, can you rebase your changes and resolve merge conflicts?

[mnito]

Sure, do you want me to squash as well?

[vmagamedov]

Yes! It would be great.

[mnito]

I rebased! Thanks for all your input.

[vmagamedov]

Thank you for your work!