TLS ALPN Proposal v2

Bradford Wetmore bradford.wetmore at oracle.com
Fri Jun 5 00:37:19 UTC 2015


On 6/2/2015 11:23 PM, Xuelei Fan wrote:
> src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java
> =================================================================
>
> List<String> getReceivedApplicationProtocols()
> ----------------------------------------------
> C1. It might be useful to know the client requested application
> protocols in some circumstance.  Better to set the application protocols
> in client side either.

For ALPN, the client supplies the list, the server chooses.  For NPN, 
the server supplies the list, the client chooses.  So it's a list of 
received (requested) protocols.  I've changed it for now, not a big deal 
to me.

> I'd like to use:
>
> -  * Gets the application protocol value(s) received from the peer
> -  * for this connection.
> +  * Gets a {@link List} of requested application protocol value(s)
> +  * for this connection.

I've never seen a link inside an opening sentence.  I have seen @code, 
but there's only 6 in the entire java namespace.  The

> -    public List<String> getReceivedApplicationProtocols() {
> +    public List<String> getRequesedApplicationProtocols() {

I'll assume that was supposed to be requested.  :)

> C2. The return value would better to be immutable, and better to
> describe the preference per RFC 7301.  Maybe looks like:
> -    * @return the non-null list of application protocol names
> +    * @return the non-null immutable list of application protocol
> +    *     names, in descending order of preference.  The returned
> +    *     list may be empty if no application protocols were
> +    *     requested.

Done.

> src/java.base/share/classes/javax/net/ssl/SSLParameters.java
> ============================================================
>
> List<String> getApplicationProtocols()
> --------------------------------------
> C3. Better to indicate explicitly that this method only apply to client
> mode.

See above.

> C4. The method description is not instinctive enough for an application
> developer.  Can we use words to indicate the purpose of the setting?
> For example:
> -  * Gets the list of application-level protocol names that could
> -  * be sent to the SSL/TLS peer.
> +  * Gets the {@link List} of application layer protocol names that
> +  * can be negotiated over SSL/TLS/DTLS protocols.

Changed, except for the @link.

> C5. Prefer to use immutable return value:
> -  * @return a non-null list of application protocol names.
> +  * @return a non-null immutable list of application protocol names.

Changed.

> C6. Nice to have a link for the standard protocol names.

I wasn't planning on having a list of standard protocol names.
See below.

> void setApplicationProtocols(List<String> protocols)
> ----------------------------------------------------
> C7. see C3.
> C8. see C4.

Changed.

> s/getApplicationProtocolSelector()
> ----------------------------------
> C9. The use of SSLFunction<SSLBase, String> make the implementation of
> protocol selector and JSSE provider implementation complicated.
>
>  From the spec, looks like the selector may want to know address/ports,
> SSL protocol versions or the negotiated cipher suit.  As would require
> that before use this selector, the handshaking must negotiate the
> protocol version and the cipher suite.  That's a specific JSSE
> implementation requirement.  It does not sound like a reasonable behavior.
>
> The implement of the selector is not straightforward, I think.
>
> Per section 4, RFC 7301:
>    "... The
>     "application_layer_protocol_negotiation" ServerHello extension is
>     intended to be definitive for the connection (until the connection is
>     renegotiated) and is sent in plaintext to permit network elements to
>     provide differentiated service for the connection when the TCP or UDP
>     port number is not definitive for the application-layer protocol to
>     be used in the connection.  By placing ownership of protocol
>     selection on the server, ALPN facilitates scenarios in which
>     certificate selection or connection rerouting may be based on the
>     negotiated protocol."
>
> Per my understanding, application protocol should be negotiated before
> cipher suite and protocol version negotiated.  And the connection may be
> rerouted (even to different machines) for further operation.  The
> requested application protocols list should be the only information for
> the selection of a suitable application protocol.
>
> Based on that, I think it is more simple to use Simone's proposal:
>
> @FunctionalInterface
> interface ApplicationProtocolSelector
> {
>      String select(List<String> protocols) throws SSLException;
> }
>
> Hence, no need for a SSLBase any more.

There's been a lot of discussion this morning, I'll return to this later 
when I've had a chance to parse it.

> public static final String AP_HTTP_1_1 = "http/1.1";
> public static final String AP_H2 = "h2";
> ----------------------------------------
> C10. I understand why the constants are defined here.  However, usually,
> we don't define standard names in JSSE APIs.  Instead, we normally use
> Oracle standard names documentation.

This is not really a Standard Name in our normal sense/usage.  Usually 
it's a mapping from a name string to some type of value (e.g. TLSv1 -> 
0x0301, "SSL_RSA_WITH_3DES_EDE_CBC_SHA" -> 0x000a, "SHA1withRSA" -> 
1.2.840.113549.1.1.5.  In this case, it's the actual value, and will 
depends on the decoding.

> src/java.base/share/classes/javax/net/ssl/SSLSession.java
> =========================================================
> String getCipherSuite()
> -----------------------
> Pretty hard to use this method with the new specification. It's not a
> necessary update, see #C9.

I'll come back to this as per above.

Brad



> Hope it helps!
>
> Xuelei
>
> On 6/3/2015 8:56 AM, Bradford Wetmore wrote:
>> Hi,
>>
>> I have just posted the second iteration of the ALPN proposal which
>> hopefully addresses all of the comments raised here.  It is in javadoc
>> format, but things can certainly be adjusted:
>>
>>      http://cr.openjdk.java.net/~wetmore/8051498/webrev.00/
>>
>> Please see the archive [1] for previous design discussion.  I will be
>> writing up usage examples in the next few days.
>>
>> The significant changes:
>>
>> ExtendedSSLSession
>>      public List<String> getReceivedApplicationProtocols() {
>>
>>      This will allow applications to examine which protocol names were
>>      sent.
>>
>> SSLParameters
>>      mentions both ALPN/NPN as possible protocols.  I removed the
>>      discussion about "server" and "client" since ALPN/NPN essentially
>>      reverse the roles.
>>
>>      mentions "appropriate character sets" for String-byte[] conversions
>>      such as UTF-8 for ALPN.
>>
>>      The application protocol selector is now a @FunctionalInterface
>>      (i.e. lambda-ready) called SSLFunction.  It is to throw an
>>      SSLException if no values are supported, or null if you want to
>>      treat as an unknown extension.
>>
>>      Defined constants for HTTP/1.1 and HTTP/2.
>>
>> SSLSession
>>
>>      Called out that getHandshakeSession's ciphersuite may vary until
>>      selected.
>>
>> SSLBase
>>
>>      A new marker interface that SSLEngine/SSLSocket will implement.
>>      This will allow for a single SSLFunction instead of having
>>      SSLFunctionSSLEngine and SSLFunctionSSLSocket.  It does require
>>      that the lambda do a instanceof, unless we were to move the common
>>      Socket/Engine APIs into this class.
>>
>> Thanks,
>>
>> Brad
>>
>> [1]
>> http://mail.openjdk.java.net/pipermail/security-dev/2015-May/012183.html
>


More information about the security-dev mailing list