TLS ALPN Proposal v2
Xuelei Fan
xuelei.fan at oracle.com
Fri Jun 5 15:28:22 UTC 2015
On 6/5/2015 11:16 PM, Simone Bordet wrote:
> Hi,
>
> On Fri, Jun 5, 2015 at 4:46 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>> If H2 is not supported, SPDY/3.1 would be attempted, if SPDY/3.1 is not
>> supported HTTP/1.1 would be attempted.
>
> Correct.
>
>> If H2 is supported on both sides,
>> but H2 does not work, it is an H2 problem that needs to be addressed in the H2
>> layer.
>
> If both client and server have "h2" as a potentially supported
> protocol, but the cipher to use h2 is not valid, then h2 is not
> supported for that particular connection.
> At that point, like you said above, spdy/3.1 is attempted, and so on.
>
;-) That's the point we cannot agree with each other at present.
>> No application protocol fallback in TLS layer if the application
>> protocol is supported.
>
> Your interpretation of "supported" is not what browser and server
> implementors mean :)
>
;-) Maybe. It's not my expertise.
>> I understand your concerns now. I think we have different understanding
>> of the ALPN protocols. It's a good thing to understand the actual
>> requirements of the industry, I think. Thank you!
>
> So where does this leave us now?
>
;-) I think Brad would consider our information for his design.
> By the way, while I have participated in the RFC 7540 discussions, and
> implemented HTTP/2 in Jetty to be interoperable with a variety of
> other clients and servers, feel free to ask for clarifications on the RFC
> 7540 and RFC 7301 mailing lists, or even directly to the editors of
> those RFCs; they are typically open to answer questions, I guess
> especially so if they come from the OpenJDK team that is implementing
> those specifications.
>
Yes.
It would be helpful to know the implementation of other SSL/TLS vendors, too.
Thanks,
Xuelei
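
The two readings of "supported" debated in this thread, side by side, as an added Java example that is not part of the original message or of the OpenJDK proposal. The class and method names are hypothetical, and `usable` is a simplified stand-in for the RFC 7540 cipher requirements, not the full list.

```java
import java.util.List;

public class AlpnSelectionDemo {
    // Assumption of this example: h2 needs an ephemeral key exchange and an
    // AEAD cipher. This approximates, but does not reproduce, RFC 7540's rules.
    static boolean usable(String protocol, String cipherSuite) {
        if (!protocol.equals("h2")) {
            return true; // no cipher constraint modelled for other protocols
        }
        boolean ephemeral = cipherSuite.startsWith("TLS_ECDHE_")
                || cipherSuite.startsWith("TLS_DHE_");
        boolean aead = cipherSuite.contains("_GCM_")
                || cipherSuite.contains("CHACHA20_POLY1305");
        return ephemeral && aead;
    }

    // Reading 1: a protocol whose cipher requirement is not met is not
    // supported on this connection, so selection moves to the next entry.
    static String selectWithFallthrough(List<String> serverPrefs,
                                        List<String> clientOffer, String suite) {
        for (String p : serverPrefs) {
            if (clientOffer.contains(p) && usable(p, suite)) {
                return p;
            }
        }
        return null; // nothing in common that can run on this connection
    }

    // Reading 2: the TLS layer picks the first protocol both sides list and
    // leaves any cipher mismatch to the application protocol layer.
    static String selectByNameOnly(List<String> serverPrefs,
                                   List<String> clientOffer) {
        for (String p : serverPrefs) {
            if (clientOffer.contains(p)) {
                return p;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample input: both peers list the same three protocols.
        List<String> prefs = List.of("h2", "spdy/3.1", "http/1.1");
        String[] suites = { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                            "TLS_RSA_WITH_AES_128_CBC_SHA" };
        for (String s : suites) {
            System.out.printf("%-40s fallthrough=%-9s nameOnly=%s%n", s,
                    selectWithFallthrough(prefs, prefs, s),
                    selectByNameOnly(prefs, prefs));
        }
    }
}
```

With the CBC suite the first method returns `spdy/3.1` while the second still returns `h2`, which is the case the two participants disagree about.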