alpn + ciphers

From: Stefan Eissing <stefan.eissing@greenbytes.de>
Date: Fri, 16 Oct 2015 13:28:27 +0200
Message-Id: <78A44AE4-168D-4129-AF94-38FB66286711@greenbytes.de>
To: HTTP Working Group <ietf-http-wg@w3.org>

A question regarding interworking and ALPN + ciphers:

During ALPN callbacks by popular SSL libs such as OpenSSL, the cipher has/may not have been selected. This is a potential interworking problem when h2 is proposed, only to have the connection shut down with INADEQUATE_SECURITY afterwards.

I am not certain whether this depends on the order in which TLS extensions appear in the client hello or on the particular OpenSSL implementation. Potentially, I could try to change the cipher list during the ALPN callback, but whether that will influence things is probably also not well defined. This is what you get when you mix layers, I assume.

I am not sure what the best way to address this is. Limiting the cipher list to only the highest grade is often not an option for a server. Any advice appreciated.

//Stefan
Received on Friday, 16 October 2015 11:28:57 UTC
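
The ordering problem raised in the message above, as an added example that is not part of the original post: a small Python model (no TLS library involved) in which an ALPN decision made before the cipher is known ends in INADEQUATE_SECURITY, next to a variant that first predicts the cipher from the ClientHello. The function names, the sample clients and the server-preference selection rule are assumptions of this sketch; the three blacklisted suites are a subset of RFC 7540 Appendix A.

```python
# Constructed model of the ordering problem; it does not call any TLS library.
# Subset of the RFC 7540 Appendix A cipher suite black list (IANA names).
H2_BLACKLIST_SUBSET = {
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
}
GCM = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"  # not on the black list

# Constructed sample data: a server that cannot drop its older suites.
SERVER_CIPHERS = [GCM, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                  "TLS_RSA_WITH_AES_128_CBC_SHA"]
SERVER_PROTOS = ["h2", "http/1.1"]
LEGACY_CLIENT = {"protos": ["h2", "http/1.1"],
                 "ciphers": ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                             "TLS_RSA_WITH_AES_128_CBC_SHA"]}
MODERN_CLIENT = {"protos": ["h2", "http/1.1"], "ciphers": [GCM]}


def pick_cipher(client_ciphers, server_ciphers=SERVER_CIPHERS):
    """Assumed server-preference rule: first server suite the client offers."""
    return next((s for s in server_ciphers if s in client_ciphers), None)


def alpn_naive(client):
    """ALPN callback that decides before the cipher is known."""
    return next((p for p in SERVER_PROTOS if p in client["protos"]), None)


def alpn_cipher_aware(client):
    """Predict the cipher from the ClientHello and skip h2 if it is blacklisted."""
    predicted = pick_cipher(client["ciphers"])
    for proto in SERVER_PROTOS:
        if proto not in client["protos"]:
            continue
        if proto == "h2" and (predicted is None or predicted in H2_BLACKLIST_SUBSET):
            continue
        return proto
    return None


def outcome(proto, client):
    """Result when the peer enforces the black list for h2."""
    cipher = pick_cipher(client["ciphers"])
    if proto == "h2" and cipher in H2_BLACKLIST_SUBSET:
        return "INADEQUATE_SECURITY"
    return f"{proto} over {cipher}"


if __name__ == "__main__":
    for name, c in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        print(name, outcome(alpn_naive(c), c), "|", outcome(alpn_cipher_aware(c), c))
```

The prediction only holds if the library's real cipher selection follows the same rule as `pick_cipher`, which is exactly the coupling between layers the message questions.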