TLS ALPN Proposal v5

David M. Lloyd david.lloyd at redhat.com
Fri Sep 25 15:05:48 UTC 2015


On 09/25/2015 07:29 AM, Simone Bordet wrote:
> Hi,
>
> On Fri, Sep 25, 2015 at 2:15 PM, David M. Lloyd <david.lloyd at redhat.com> wrote:
>> ...why does sorting even matter?  Why should selection not be implemented
>> 100% in user code, based on both the cipher suites list and application
>> protocol, rendering this whole discussion pointless?  It's clearly a complex
>> enough process (which is highly protocol-specific) that it seems to me quite
>> unlikely that the JDK can possibly implement this in a way that will work
>> for all use cases.
>
> Bradford can certainly provide more context here, but the "tuple
> selection" approach would have required a (large) rewrite of the
> current mechanism, and it was discarded because of resource
> constraints.
>
>> In fact, why not just use the SSLExplorer approach and be done with this
>> already?
>
> You mean this?
> http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/samples/sni/SSLExplorer.java
> Can you expand on what such an approach would look like? Seems overkill
> to me, and all in the hands of application developers?

Well, SNI already basically works this way, so it's not so great a stretch.

I imagine the client code simply specifying a list of protocols along 
with today's list of cipher suites.

The user-space server side logic would go like this:

* Receive SSL ServerHello
* Examine the packet for ALPN and SNI information
* Read the list of cipher suites
* Evaluate
* Select an SSLContext based on protocol and/or server name
* Construct an SSLSocket or SSLEngine as appropriate
* Set a property on the SSLSocket/SSLEngine to indicate ALPN protocol name
* (optional) Change/sort the cipher suite list on the 
SSLSocket/SSLEngine as appropriate
* Resume negotiation by passing the ServerHello in to the 
SSLSocket/SSLEngine as initial data

It's not super elegant but it should work just as well as SNI works, and 
it would cover 100% of use cases since the user has complete flexibility 
to make a decision based on any combination of cipher suite selection, 
protocol name, and host name, even potentially with the option to 
pretend that ALPN wasn't recognized.

-- 
- DML
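
The "examine the packet" and "evaluate" steps from the message above, as an added example that is not part of the original post and is not JDK or SSLExplorer code. It parses the hello record the client sends (a TLS ClientHello) for SNI, ALPN and cipher suites; the class and method names are hypothetical, and it assumes the hello arrives in one complete TLS record.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class HelloPeek {                       // added example; all names are hypothetical
    String serverName;                         // SNI host_name (extension 0), null if absent
    final List<String> protocols = new ArrayList<>();     // ALPN names (extension 16)
    final List<Integer> cipherSuites = new ArrayList<>(); // offered suites, client order

    static ByteBuffer take(ByteBuffer b, int n) {  // bounded n-byte view; advances b
        ByteBuffer s = b.slice();
        s.limit(n);                            // throws if n exceeds the bytes remaining
        b.position(b.position() + n);
        return s;
    }

    // Assumes one complete record; the array is only read, malformed input throws.
    static HelloPeek parse(byte[] record) {
        ByteBuffer b = ByteBuffer.wrap(record);
        if (b.get() != 22) throw new IllegalArgumentException("not a handshake record");
        take(b, 4);                            // record version and record length
        if (b.get() != 1) throw new IllegalArgumentException("not a ClientHello");
        take(b, 3 + 2 + 32);                   // handshake length, client_version, random
        take(b, b.get() & 0xff);               // session_id
        HelloPeek h = new HelloPeek();
        ByteBuffer cs = take(b, b.getShort() & 0xffff);
        while (cs.remaining() >= 2) h.cipherSuites.add(cs.getShort() & 0xffff);
        take(b, b.get() & 0xff);               // compression_methods
        if (!b.hasRemaining()) return h;       // hello without an extensions block
        ByteBuffer exts = take(b, b.getShort() & 0xffff);
        while (exts.remaining() >= 4) {
            int type = exts.getShort() & 0xffff;
            ByteBuffer data = take(exts, exts.getShort() & 0xffff);
            if (type == 0) {                   // server_name
                data.getShort();               // ServerNameList length
                if (data.get() == 0) h.serverName = StandardCharsets.US_ASCII
                        .decode(take(data, data.getShort() & 0xffff)).toString();
            } else if (type == 16) {           // application_layer_protocol_negotiation
                ByteBuffer names = take(data, data.getShort() & 0xffff);
                while (names.hasRemaining()) h.protocols.add(StandardCharsets.US_ASCII
                        .decode(take(names, names.get() & 0xff)).toString());
            }
        }
        return h;
    }

    // Server-preference pick; null means "respond as if ALPN was not recognized".
    static String choose(HelloPeek h, List<String> serverPrefs) {
        for (String p : serverPrefs) if (h.protocols.contains(p)) return p;
        return null;
    }
}
```

Because `parse` leaves the bytes untouched, the same buffered record can afterwards be passed to `SSLEngine.unwrap` on the engine created from the chosen `SSLContext`. A hello split across several records would need reassembly first, which this example does not do.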


