TLS ALPN Proposal v2
Bradford Wetmore
bradford.wetmore at oracle.com
Wed Jun 3 00:56:19 UTC 2015
Hi,

I have just posted the second iteration of the ALPN proposal which
hopefully addresses all of the comments raised here. It is in javadoc
format, but things can certainly be adjusted:

    http://cr.openjdk.java.net/~wetmore/8051498/webrev.00/

Please see the archive [1] for previous design discussion. I will be
writing up usage examples in the next few days.

The significant changes:

ExtendedSSLSession

    public List<String> getReceivedApplicationProtocols() {

    This will allow applications to examine which protocol names were
    sent.

SSLParameters

    mentions both ALPN/NPN as possible protocols. I removed the
    discussion about "server" and "client" since ALPN/NPN essentially
    reverse the roles.

    mentions "appropriate character sets" for String-byte[] conversions
    such as UTF-8 for ALPN.

    The application protocol selector is now a @FunctionalInterface
    (i.e. lambda-ready) called SSLFunction. It is to throw an
    SSLException if no values are supported, or null if you want to
    treat as an unknown extension.

    Defined constants for HTTP/1.1 and HTTP/2.

SSLSession

    Called out that getHandshakeSession's ciphersuite may vary until
    selected.

SSLBase

    A new marker interface that SSLEngine/SSLSocket will implement.
    This will allow for a single SSLFunction instead of having
    SSLFunctionSSLEngine and SSLFunctionSSLSocket. It does require
    that the lambda do an instanceof, unless we were to move the common
    Socket/Engine APIs into this class.

Thanks,
Brad
[1] http://mail.openjdk.java.net/pipermail/security-dev/2015-May/012183.html
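
The selector contract described in the message (throw an SSLException when nothing offered is supported, return null to treat ALPN as an unknown extension, UTF-8 for the String-byte[] conversion), shown as an added sketch that is not part of the original post or the webrev. ProtocolSelector is a hypothetical stand-in because the message does not show the SSLFunction signature; the wire layout is RFC 7301's ProtocolNameList, the sample bytes are constructed, and List.of needs Java 9 or later.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;

public class AlpnSelectorSketch {
    // Hypothetical stand-in for the proposal's selector (assumption, not the JDK API).
    @FunctionalInterface
    interface ProtocolSelector {
        String select(Object connection, List<String> offered) throws SSLException;
    }

    // Decode an RFC 7301 ProtocolNameList: 2-byte total length,
    // then a 1-byte length followed by the name for each entry.
    static List<String> decode(byte[] ext) throws SSLException {
        if (ext.length < 2) throw new SSLHandshakeException("truncated ALPN list");
        int total = ((ext[0] & 0xff) << 8) | (ext[1] & 0xff);
        if (total != ext.length - 2) throw new SSLHandshakeException("bad ALPN list length");
        List<String> names = new ArrayList<>();
        int i = 2;
        while (i < ext.length) {
            int len = ext[i++] & 0xff;
            // Empty names and names running past the buffer are malformed.
            if (len == 0 || i + len > ext.length)
                throw new SSLHandshakeException("bad ALPN name length");
            names.add(new String(ext, i, len, StandardCharsets.UTF_8));
            i += len;
        }
        return names;
    }

    public static void main(String[] args) throws SSLException {
        // Local preference order: the IANA ALPN ids for HTTP/2 and HTTP/1.1.
        List<String> serverPrefs = List.of("h2", "http/1.1");
        ProtocolSelector selector = (conn, offered) -> {
            if (serverPrefs.isEmpty()) return null; // no ALPN configured: treat as unknown extension
            for (String p : serverPrefs) if (offered.contains(p)) return p;
            throw new SSLHandshakeException("no supported application protocol in " + offered);
        };
        // Constructed sample: peer offers "http/1.1" first, then "h2".
        byte[] sample = {0, 12, 8, 'h', 't', 't', 'p', '/', '1', '.', '1', 2, 'h', '2'};
        System.out.println(selector.select(null, decode(sample)));
    }
}
```

The selection follows the local preference order rather than the peer's offer order, and the length checks reject a malformed list before any name reaches the selector.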