Re: Concluding discussion on #612 (9.2.2)

On Wed, Oct 8, 2014 at 10:31 PM, Greg Wilkins <gregw@intalio.com> wrote:

> This PR is a proposal for 3). I would look at it as penalising servers
> that do not accept strong ciphers rather than as penalising clients that
> offer h2.
>

But the problem is that those servers already exist and so the variable
behavior is what clients do. I don't want to speak for Patrick, but I would
be surprised if Mozilla were willing to make a change to Firefox that would
cause an extra set of round trips for a large fraction of the Web servers
in the world.



>> if the client and the server disagree about which ciphers are
>> acceptable for H2 (and specifically if the server likes some cipher for
>> H2 that the client does not) then you get a successful TLS connection
>> but the H2 stack generates an error. At this point, the client could retry
>> if it wished.
>>
>
> That was my very first suggestion way way back at the start of this whole
> thread.
> It was unacceptable but I can't recall why.
>

I don't recall this discussion, but in any case your current proposal seems
less good for the reasons I laid out.

-Ekr

Received on Thursday, 9 October 2014 14:43:20 UTC