TLS ALPN Proposal
Weijun Wang
weijun.wang at oracle.com
Sat May 23 03:28:50 UTC 2015
On 5/23/2015 9:13 AM, Bradford Wetmore wrote:
> Weijun wrote:
>
> > But in the RFC the name is in uppercase and chars in string are all
> > lowercases.
> > ...deleted...
> > - Compare with equalsIgnoreCase()
>
> Not following here, the spec is specific about the over-the-wire byte
> values, and http/1.1 != Http/1.1.
Because the spec says
o Identification Sequence: The precise set of octet values that
identifies the protocol. This could be the UTF-8 encoding
[RFC3629] of the protocol name.
and the name is uppercase. What if someone really sends
"HTTP/1.1".getBytes("UTF-8")?
--Max
More information about the security-dev
mailing list