- From: Cory Benfield <cory@lukasa.co.uk>
- Date: Wed, 17 Sep 2014 09:10:28 +0100
- To: Brian Smith <brian@briansmith.org>
- Cc: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 17 September 2014 08:52, Brian Smith <brian@briansmith.org> wrote:
> And, if you simply have your server enable the TLS_ECDHE_*_AES_*_GCM_*
> cipher suites (using the NIST P-256 curve), and prefer them ahead of
> all others, for both HTTP/1 and HTTP/2, you can entirely avoid doing
> even the stuff I mentioned above.

I think this is really the simplest approach. Prioritise ciphers that are acceptable for use with h2 and have your server ignore the client's priorities in favour of its own. If the client offers *any* h2 ciphers you'll use them, otherwise you can assume that the client can't do h2 (or at least can't according to the spec).

In the HTTP/1.1 case all you've done is use strong ciphers for every connection that supports them: I'm sure you'll get over it!

Received on Wednesday, 17 September 2014 08:10:57 UTC
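
The approach described in the message above, as an added example that is not part of the original mail: the server picks the suite by its own preference order and speaks h2 only when one of the ECDHE AES-GCM suites was chosen. The suite lists (constructed sample data using IANA names), negotiate() and build_context() are assumptions made for illustration.

```python
import ssl

# Suites matching TLS_ECDHE_*_AES_*_GCM_* from the mail (constructed sample list).
H2_OK = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]
# Constructed fallback list, kept only for clients that cannot do better.
LEGACY = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
SERVER_PREFERENCE = H2_OK + LEGACY  # h2-acceptable suites ahead of all others


def negotiate(client_offer, client_alpn):
    """Return (suite, protocol), choosing by the server's order, not the client's."""
    offered = set(client_offer)
    suite = next((s for s in SERVER_PREFERENCE if s in offered), None)
    if suite is None:
        return None, None  # no common suite: the handshake fails
    # If the client offered any h2 suite, server preference has selected it.
    if suite in H2_OK and "h2" in client_alpn:
        return suite, "h2"
    # Otherwise treat the client as HTTP/1.1 only.
    return suite, "http/1.1"


def build_context():
    """The same policy on a Python ssl server context (OpenSSL cipher string)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE   # ignore the client's ordering
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+AES:!aNULL")  # GCM suites sorted first
    ctx.set_ecdh_curve("prime256v1")                  # NIST P-256
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    return ctx
```

Certificate loading is left out of build_context(); a real server adds load_cert_chain() before accepting connections.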