
Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 23 Sep 2014 02:16:24 -0700
Message-ID: <CABkgnnWM=kuA8kXmpSH+rev0c=C94kygx7n09gPS_EXCBukwuQ@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Greg Wilkins <gregw@intalio.com>, Eric Rescorla <ekr@rtfm.com>, Jason Greene <jason.greene@redhat.com>, Patrick McManus <pmcmanus@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>

On 22 September 2014 15:55, Mark Nottingham <mnot@mnot.net> wrote:
> One thing that I’ve heard is requiring clients to offer the “good” suites first, to promote interop. Does anyone see a downside to doing that?

It would definitely solve Greg's issue with Java <= 7.

The only case where this wouldn't work is where clients are unable to
alter the priority order of cipher suites.  I don't know if any of
those exist; I haven't met one yet, though I anticipate an
introduction shortly...  The worst failure mode here results in a
fallback - once you discover that the server supports HTTP/2, you can
kill off the bad suites and try again.

That seems to be the only concrete technical concern I've seen raised
in the discussion.  I think that Eric has addressed most of the
process concerns.
Received on Tuesday, 23 September 2014 09:16:56 UTC
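
Added example, not part of the original message or of any implementation discussed in the thread: a small Python model of the two behaviours described above, offering the "good" suites first and the fallback retry once the server turns out to support HTTP/2. It assumes a server that selects by the client's order; `is_good` (ephemeral key exchange plus GCM, matched by name) is an assumed stand-in for the section 9.2.2 criteria, which this page does not spell out, and the suite lists are constructed.

```python
# Constructed sample data: real IANA suite names, arbitrary selection.
CLIENT_OFFER = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
SERVER_SUITES = set(CLIENT_OFFER)                  # server supports all three
LEGACY_SERVER = {"TLS_RSA_WITH_AES_128_CBC_SHA"}   # HTTP/1.1-only server


def is_good(suite):
    """Assumed stand-in for the 9.2.2 test: ephemeral key exchange and GCM."""
    return suite.startswith(("TLS_ECDHE_", "TLS_DHE_")) and "_GCM_" in suite


def good_first(offer):
    """Stable reorder: good suites first, relative order otherwise kept."""
    return sorted(offer, key=lambda s: not is_good(s))


def server_pick(offer, server_suites):
    """Model assumption: the server takes the first client suite it supports."""
    for suite in offer:
        if suite in server_suites:
            return suite
    return None


def connect(offer, server_suites, server_speaks_h2=True):
    """Return (suite, handshakes).

    If the server speaks HTTP/2 but the handshake landed on a bad suite,
    drop the bad suites from the offer and try once more.
    """
    suite = server_pick(offer, server_suites)
    if suite is None or not server_speaks_h2 or is_good(suite):
        return suite, 1
    retry_offer = [s for s in offer if is_good(s)]
    return server_pick(retry_offer, server_suites), 2


if __name__ == "__main__":
    print("original order:", connect(CLIENT_OFFER, SERVER_SUITES))
    print("good first:    ", connect(good_first(CLIENT_OFFER), SERVER_SUITES))
    print("legacy server: ", connect(good_first(CLIENT_OFFER), LEGACY_SERVER,
                                     server_speaks_h2=False))
```

With the original order the model needs two handshakes to reach a good suite; with the good suites offered first it needs one, and the HTTP/1.1-only server is unaffected by the reordering.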
