is it possible in openjdk 9 to advertise application protocol in the tls handshake?

Bradford Wetmore bradford.wetmore at oracle.com
Mon Jun 6 23:52:32 UTC 2016


JEP 244/ALPN, aka JDK-8144083/JDK-8051498 went into JDK 9 late last year.

The API/design is at:

     https://bugs.openjdk.java.net/browse/JDK-8062848

In a nutshell, the client application sets the strings to send.  The 
server application can parse the ClientHello if desired, and can do any 
SSLSocket/SSLEngine preconfiguration before starting the handshake. 
During handshaking, the server library code iterates its set values, and 
compares with what was received (i.e. server-preference) and chooses the 
first supported value.

While the API could support either ALPN or NPN, OpenJDK only has ALPN 
support as NPN was on its way out at the time of the writing.

Brad





On 6/6/2016 3:10 PM, Jon Berg wrote:
> Hi,
>
> Given that you are acting as a server, it would be nice to be able to offer
> "http/1.1" as application.
>
> The purpose of this is to get chrome to do tls false start which requires
> that the server "advertise" http/1.1 in ALPN or NPN. In the tls handshake.
> To do this it is just an integer and that string that has to be included
> in the handshake message at the right place...
>
> From looking at the api it seems that this is not supported.
> And from reading http://openjdk.java.net/jeps/244 it sounds as if it does
> not advertise anything, but for a server socket it is an intersection of
> what the client sends and what the server is capable of.
>
> Can you confirm that this is not supported in openjdk 9?
>
> Thanks,
> Jon Berg.
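
The configuration and selection rule described in the reply above, as an added example that is not part of the original thread and is not the JDK's own code. The class name, the `select` helper, the host name and the protocol lists are assumptions made for illustration; `select` mirrors the server-preference rule from the reply rather than reproducing the library's implementation.

```java
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class AlpnServerPreference {
    // Server's protocols in preference order (constructed for this example).
    static final String[] SERVER_PROTOCOLS = {"http/1.1"};

    // Illustration of the rule in the reply: walk the server's values in order
    // and return the first one the client also offered; null means no overlap.
    static String select(String[] serverPrefs, List<String> clientOffered) {
        for (String candidate : serverPrefs) {
            if (clientOffered.contains(candidate)) {
                return candidate;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // Client: these strings are what gets sent in the ClientHello.
        SSLEngine client = ctx.createSSLEngine("example.test", 443); // hypothetical peer
        client.setUseClientMode(true);
        SSLParameters clientParams = client.getSSLParameters();
        clientParams.setApplicationProtocols(new String[] {"h2", "http/1.1"});
        client.setSSLParameters(clientParams);

        // Server: preconfigure before the handshake starts. The server never
        // volunteers a protocol; it only answers with one the client offered.
        SSLEngine server = ctx.createSSLEngine();
        server.setUseClientMode(false);
        SSLParameters serverParams = server.getSSLParameters();
        serverParams.setApplicationProtocols(SERVER_PROTOCOLS);
        server.setSSLParameters(serverParams);

        List<String> offered =
                List.of(client.getSSLParameters().getApplicationProtocols());
        System.out.println("client offers " + offered + " -> server picks "
                + select(SERVER_PROTOCOLS, offered));

        // No overlap: RFC 7301 has the server answer this case with a
        // no_application_protocol alert instead of picking a value.
        System.out.println("client offers [h2] -> server picks "
                + select(SERVER_PROTOCOLS, List.of("h2")));

        // Before any handshake the negotiated value is still undetermined.
        System.out.println("negotiated so far: " + server.getApplicationProtocol());
    }
}
```

After a completed handshake, `getApplicationProtocol()` on either engine returns the negotiated value.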


