TLS extensions API, ALPN and HTTP 2.0

Simone Bordet simone.bordet at gmail.com
Wed Jun 18 06:54:13 UTC 2014


Hi,

I would like to reboot a discussion around an improved TLS extensions
API in order to support ALPN (see
http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg), which is
the mechanism required by HTTP 2.0 to negotiate the new version of the
HTTP protocol.

I sent a previous message hoping that such work would have been
included in JDK 8, but it was too late, see
http://mail.openjdk.java.net/pipermail/jdk8-dev/2013-March/002197.html.

I think this needs to be addressed so that a future version of the
Servlet specification can be implemented without requiring the hacks
described below.

Under the Jetty project, we have implemented ALPN as a set of patches
to JDK classes, producing a jar that must be prepended to the boot
classpath in order for ALPN to work, see
https://www.eclipse.org/jetty/documentation/current/alpn-chapter.html.
The downside of this is that for every JDK release the ALPN jar may
need to be rebuilt incorporating JDK changes.

While this solution works, it would be great to have a clear API in
the JDK that would allow to do add the required TLS extension without
requiring patched classes and boot classpath jars.

I apologize if this is not the right list to ask these questions, and
I'll be glad to be redirected to the proper list.

A) Is there any plan to add a generic TLS extensions API to JDK 9 ?
B) Is there a plan, perhaps in concert with the Servlet EG, to prepare
to support ALPN in order to support HTTP 2.0 ?
C) What would be the process to start the effort to add a TLS
extensions API to the JDK ? Start a new JEP ?

Thanks !

-- 
Simone Bordet
http://bordet.blogspot.com
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz


More information about the jdk9-dev mailing list