TLS ALPN Proposal v5
David M. Lloyd
david.lloyd at redhat.com
Fri Sep 25 15:05:48 UTC 2015
On 09/25/2015 07:29 AM, Simone Bordet wrote:
> Hi,
>
> On Fri, Sep 25, 2015 at 2:15 PM, David M. Lloyd <david.lloyd at redhat.com> wrote:
>> ...why does sorting even matter? Why should selection not be implemented
>> 100% in user code, based on both the cipher suites list and application
>> protocol, rendering this whole discussion pointless? It's clearly a complex
>> enough process (which is highly protocol-specific) that it seems to me quite
>> unlikely that the JDK can possibly implement this in a way that will work
>> for all use cases.
>
> Bradford can certainly provide more context here, but the "tuple
> selection" approach would have required a (large) rewrite of the
> current mechanism, and it was discarded because of resource
> constraints.
>
>> In fact, why not just use the SSLExplorer approach and be done with this
>> already?
>
> You mean this?
> http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/samples/sni/SSLExplorer.java
> Can you expand on what such an approach would look like? Seems overkill
> to me, and all in the hands of application developers?
Well, SNI already basically works this way, so it's not so great a stretch.
I imagine the client code simply specifying a list of protocols along
with today's list of cipher suites.
The user-space server side logic would go like this:
* Receive SSL ServerHello
* Examine the packet for ALPN and SNI information
* Read the list of cipher suites
* Evaluate
* Select an SSLContext based on protocol and/or server name
* Construct an SSLSocket or SSLEngine as appropriate
* Set a property on the SSLSocket/SSLEngine to indicate ALPN protocol name
* (optional) Change/sort the cipher suite list on the
SSLSocket/SSLEngine as appropriate
* Resume negotiation by passing the ServerHello in to the
SSLSocket/SSLEngine as initial data
It's not super elegant but it should work just as well as SNI works, and
it would cover 100% of use cases since the user has complete flexibility
to make a decision based on any combination of cipher suite selection,
protocol name, and host name, even potentially with the option to
pretend that ALPN wasn't recognized.
--
- DML
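
The "examine" steps from the list in this message (SNI, ALPN, cipher suites), as an added example that is not part of the original message and not JDK or SSLExplorer code: a bounds-checked peek at the first handshake record a client sends (the ClientHello on the wire), done before any SSLSocket/SSLEngine exists. The class name HelloPeek and the hex sample are constructed for illustration; it assumes Java 17+ and a hello that fits in a single TLS record.

```java
import java.nio.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class HelloPeek {   // hypothetical class name, not a JDK type
    record Hello(String sni, List<String> alpn, List<Integer> suites) {}
    static int u8(ByteBuffer b)  { return b.get() & 0xff; }
    static int u16(ByteBuffer b) { return b.getShort() & 0xffff; }
    // Bounded sub-view of the next n bytes; a length field that overruns its parent throws.
    static ByteBuffer take(ByteBuffer b, int n) {
        if (n > b.remaining()) throw new BufferUnderflowException();
        ByteBuffer s = b.slice(); s.limit(n); b.position(b.position() + n); return s;
    }
    static String str(ByteBuffer b, int n) { return StandardCharsets.US_ASCII.decode(take(b, n)).toString(); }

    static Hello parse(ByteBuffer in) {                       // assumes one unfragmented record
        if (u8(in) != 22) throw new IllegalArgumentException("not a handshake record");
        in.getShort();                                        // record-layer version
        ByteBuffer rec = take(in, u16(in));
        if (u8(rec) != 1) throw new IllegalArgumentException("not a client hello");
        ByteBuffer h = take(rec, (u8(rec) << 16) | u16(rec)); // 24-bit handshake length
        take(h, 2 + 32);                                      // version, random
        take(h, u8(h));                                       // session id
        List<Integer> suites = new ArrayList<>();
        for (ByteBuffer cs = take(h, u16(h)); cs.remaining() >= 2; ) suites.add(u16(cs));
        take(h, u8(h));                                       // compression methods
        String sni = null; List<String> alpn = new ArrayList<>();
        ByteBuffer exts = h.hasRemaining() ? take(h, u16(h)) : ByteBuffer.allocate(0);
        while (exts.remaining() >= 4) {
            int type = u16(exts);
            ByteBuffer e = take(exts, u16(exts));
            if (type == 0) {                                  // server_name
                for (ByteBuffer l = take(e, u16(e)); l.remaining() >= 3; ) {
                    int nameType = u8(l); String name = str(l, u16(l));
                    if (nameType == 0) sni = name;            // host_name
                }
            } else if (type == 16) {                          // application_layer_protocol_negotiation
                for (ByteBuffer l = take(e, u16(e)); l.hasRemaining(); ) alpn.add(str(l, u8(l)));
            }
        }
        return new Hello(sni, alpn, suites);
    }
    public static void main(String[] args) {                  // constructed sample hello
        String hex = "16" + "0301" + "0058" + "01" + "000054" + "0303" + "00".repeat(32) + "00" + "0004c02f009c"
            + "0100" + "0027" + "00000011000f00000c6578616d706c652e74657374" + "0010000e000c02683208687474702f312e31";
        System.out.println(parse(ByteBuffer.wrap(HexFormat.of().parseHex(hex))));
    }
}
```

The returned host name, protocol list and suite list are the inputs to the "Evaluate" and "Select an SSLContext" steps; the bytes consumed here still have to be handed to the SSLSocket/SSLEngine unchanged.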