TLS ALPN Proposal v3

Xuelei Fan xuelei.fan at oracle.com
Thu Jul 9 00:44:40 UTC 2015


On 7/9/2015 7:42 AM, Bradford Wetmore wrote:
> Xuelei/Simone wrote:
>>> Per my understanding, application protocol should be negotiated before
>>> cipher suite and protocol version negotiated.
>>
>> This is not possible for HTTP/2.
>> Application protocol negotiation MUST happen *after* the TLS protocol
>> and the TLS cipher are negotiated.
> 
> Yes, that's my understanding as well.
What are the behaviors of other vendors?  Can we ask for a clarification
from both HTTP/2 and TLS WG?

Thanks,
Xuelei



More information about the security-dev mailing list