TLS ALPN Proposal v2
Simone Bordet
simone.bordet at gmail.com
Thu Jun 4 16:12:27 UTC 2015
Hi,
On Thu, Jun 4, 2015 at 5:53 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> On 6/4/2015 8:19 PM, Simone Bordet wrote:
>> This is not possible for HTTP/2.
>> Application protocol negotiation MUST happen *after* the TLS protocol
>> and the TLS cipher are negotiated.
>>
> Why? Is it a spec of HTTP/2? It is a point I don't understand now.
> Please help with more details.
http://tools.ietf.org/html/rfc7540#section-9.2
You can only speak h2 if the cipher is strong enough as defined by RFC 7540.
--
Simone Bordet
http://bordet.blogspot.com
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless. Victoria Livschitz
More information about the security-dev
mailing list