TLS extension needed for HTTP/2.0

Bernd Eckenfels bernd-2013 at eckenfels.net
Thu Jul 25 21:06:12 UTC 2013


Hello,

no direct response, but just a pointer: there is a third party Project by  
Ben Murphy which brings NPN to JSSE. I guess the same codebase can be used  
to add ALPN. This will allow to do experiments.

https://github.com/benmmurphy/ssl_npn

It is btw very unfortunate that there is no clear SPI for SSLSocket and  
the java package namespace makes it necesary to actually touch all classes  
to get them compiled in parallel to a normal JDK.

Gruss
Bernd

Am 25.07.2013, 16:15 Uhr, schrieb Zhong Yu <zhong.j.yu at gmail.com>:

> Hi, can someone shed some light on the questions? Any information will
> be greatly appreciated. Thanks,
> Zhong Yu
>
> On Tue, Jul 23, 2013 at 5:41 PM, Zhong Yu <zhong.j.yu at gmail.com> wrote:
>> Hi there,
>>
>> HTTP/2.0 draft (based on google's SPDY) requires the use of a new TLS
>> extension (ALPN), see
>> http://tools.ietf.org/html/draft-ietf-httpbis-http2-04#section-3.3
>>
>> The current javax.net.ssl API does not support that, so it'll be a
>> problem for someone trying to implement the HTTP/2.0 draft on Java
>> platform. Is there a remedy to that?
>>
>> If javax.net.ssl needs further development to be able to support ALPN,
>> would you give a rough estimate on when it could be released? And
>> would it be back ported to earlier versions of Java?
>>
>> What kind of API change do you envision that's necessary to expose
>> ALPN negotiation process to applications?
>>
>> Note that HTTP/2.0 is in very early stage; it's possible that the
>> requirement of ALPN could be relaxed if there's difficulty to
>> implement it on popular platforms; see this thread:
>> http://lists.w3.org/Archives/Public/ietf-http-wg/2013JulSep/0425.html
>>
>> Thank you very much,
>> Zhong Yu


-- 
http://bernd.eckenfels.net



More information about the security-dev mailing list