Add HTTP/1.1 ALPN support

[hodbn]

Added ALPN support, resolves #1892.

Sending ALPN protocols (["http/1.1"]) by default, if backend support is available.

TODO:

• Better testing of ALPN support.
• TestHTTPS_ALPN introduced too much tests.
• Add SecureTransport support.

Support:

Requires Python>=2.7.9 (for SSLContext) and backend support:

• ssl: needs OpenSSL>=1.0.2
• PyOpenSSL: needs OpenSSL>=1.0.2, PyOpenSSL>=0.15, cryptography>=0.5
• SecureTransport: needs macOS >= 10.12

[sethmlarson]

I wonder if it makes sense for us to unconditionally add http/1.1 to ALPN when available similar to how httplib will be doing so now and how curl has done so for forever. That way we can skip on all the conditional / HAS_ALPN detection logic and instead detect based on whether SSLContext has set_alpn_protocols() and catch NotImplementedError.

urllib3 only speaks HTTP/1.1 (or 1.0 if server is too but we prefer not to) so I don't see the need for this to be configurable.

[pquentin]

+1 to avoid adding yet another knob if we can avoid it

[pquentin]

Good job so far, thanks!

[codecov]

Codecov Report

Merging #1894 into master will increase coverage by 0.04%.
The diff coverage is 100.00%.

@@             Coverage Diff             @@
##           master     #1894      +/-   ##
===========================================
+ Coverage   99.95%   100.00%   +0.04%     
===========================================
  Files          23        23              
  Lines        2049      2054       +5     
===========================================
+ Hits         2048      2054       +6     
+ Misses          1         0       -1     

Flag	Coverage Δ
#unittests	99.51% <80.00%> (-0.05%)	⬇️

Impacted Files	Coverage Δ
src/urllib3/util/__init__.py	100.00% <ø> (ø)
src/urllib3/util/ssl_.py	100.00% <100.00%> (ø)
src/urllib3/util/wait.py	100.00% <0.00%> (+1.56%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a5a45dc...e756385. Read the comment docs.

[hodbn]

I've removed API to customize ALPN protocols and most of HAS_ALPN references. Instead, I added a utility has_alpn function in order to allow precise testing.

What do you think?

[sethmlarson]

This is stellar, thank you for all this work! 🎉 I left a few comments :)

[sethmlarson]

Would be great to confirm this works via capturing a TLS handshake on a supported platform, have we tried that yet?

[hodbn]

There is a test in TestALPN::test_alpn_protocol_in_first_request_packet, is that what you meant?

[sethmlarson]

I meant it'd be great to have an indication this all works on a live macOS 10.12+ system by verifying manually w/ Wireshark. I don't have a macOS machine so I can't help here but we can do that outside this PR though :)

[sethmlarson]

Looks good to me :)