Re: Concluding discussion on #612 (9.2.2) from Martin Thomson on 2014-10-07 (ietf-http-wg@w3.org from October to December 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 7 Oct 2014 15:10:25 -0700
To: Greg Wilkins <gregw@intalio.com>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnVYLnFUYZ7ZyohHFKCsh-8Dx86YHQaENdcO8mKoAzcz0w@mail.gmail.com>

On 7 October 2014 15:03, Greg Wilkins <gregw@intalio.com> wrote:
> Clients MUST NOT advertise support of cipher suites that are prohibited by
> the above restrictions if they advertise support for HTTP/2.  If a
> connection
> is refused due to lack of a mutually acceptable cipher a client MAY retry
> the
> connection with weaker ciphers, but it MUST NOT offer support HTTP/2.

I suspect that no browser can implement that requirement and remain competitive.

Received on Tuesday, 7 October 2014 22:10:53 UTC