- From: Greg Wilkins <gregw@intalio.com>
- Date: Sat, 11 Oct 2014 17:54:08 +1100
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAH_y2NEa0YyBPBLv-djc9eV4ZkViM2BBuz=DJSi1=me0X_Zn0w@mail.gmail.com>
On 11 October 2014 08:44, Martin Thomson <martin.thomson@gmail.com> wrote: > You won't settle for anything short of MUST retry, > Not true. The only think I'm insisting on is that I MUST have a non-fragile handshake. I don't really care how that is done: Not supporting weak h1 ciphers; retrying for all h1 ciphers; retrying for weak h1 ciphers; enhancing ALPN to communicate protocol cipher requirements; having a fixed white list of h1 weak ciphers. In the environment that Jetty is implemented, any support of 9.2.2 is only going to be approximate at best. We mostly will ony have access to the cipher name and will have to do some regex matching on it to implement 9.2.2 - but we will be subject to configuration and surprise ciphers. Thus I just know that in reality our 9.2.2 implementation will only be approximate. This would be OK and we would make the effort - IFF we had a non-fragile handshake. I am MUST NOT fail to handshake when there are mutually acceptable cipher/protocol pairs available - even if 9.2.2 implementation is not perfect. Give me a robust handshake - any way you see fit, and then I will make a best effort attempt to implement 9.2.2. Which if ciphers develop the way you expect may well be a good implementation of it. regards -- Greg Wilkins <gregw@intalio.com> @ Webtide - *an Intalio subsidiary* http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
Received on Saturday, 11 October 2014 06:54:37 UTC