- From: Greg Wilkins <gregw@intalio.com>
- Date: Sat, 11 Oct 2014 18:00:56 +1100
- To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAH_y2NEw5psj3w=0pt1QN6h+SXcH6iuE37eRnDO54pcouLLo0w@mail.gmail.com>
On 11 October 2014 09:23, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote: > Nope, all ciphers it gave are both acceptable for it and 9.2.2-compliant. So there is no problem. Any cipher the server picks is acceptable to the client for h2, so the handshake will succeed. If the server does not know XYZ and thus decides to not accept it according to 9.2.2, then the handshake will fail unless there is another cipher suite (or protocol) that the server is prepared to talk. If failure occurs in this circumstance, then it is because there is not a mutually acceptable cipher/protocol pair. The server is entitled to reject XYZ if it does not know it. Or the server can be more trusting and say that it does not know XYZ, but the client is prepared to speak it for h2, so it will also. That all depends on the server security policy - which it is entitled to enforce. Handshake failures may still happen if there are no mutually acceptable cipher/protocol pairs. The issue I want to see fixed is the handshake failures when there are mutually acceptable cipher/protocol pairs. regards -- Greg Wilkins <gregw@intalio.com> @ Webtide - *an Intalio subsidiary* http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
Received on Saturday, 11 October 2014 07:01:24 UTC