TLS extensions API, ALPN and HTTP 2.0

Simone Bordet simone.bordet at gmail.com
Wed Sep 17 10:02:40 UTC 2014


Hi,

On Tue, Sep 2, 2014 at 11:11 AM, Vincent Ryan <vincent.x.ryan at oracle.com> wrote:
> Your OCA is still being processed. When that has completed your name will be listed at:
>   http://www.oracle.com/technetwork/community/oca-486395.html#b
>
> Until then, we can discuss these TLS/HTTP issues but we cannot include your APIs or source code.

Just an update on this...

While ALPN should offer mechanism independent from the protocol
advertised or the cipher used in the TLS connection, it seems that the
HTTP/2.0 spec has put some constraint that link the protocol
advertised to the ciphers negotiated
(http://tools.ietf.org/html/draft-ietf-httpbis-http2-14#section-9.2.2).
Currently it seems that this HTTP/2 requirement is difficult, if not
impossible, to implement in the JDK.
I am following the HTTP/2 expert group to see if this issue is
resolved, and working on the Jetty code to implement this feature.

The idea being to wait a bit to define the ALPN APIs until this issue
is resolved, to see if the resolution requires changes in the ALPN
APIs.

Thanks !

-- 
Simone Bordet
http://bordet.blogspot.com
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz


More information about the security-dev mailing list