W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: http/2 and TLS security

From: Patrick McManus <pmcmanus@mozilla.com>
Date: Wed, 4 Nov 2015 09:29:19 +0900
Message-ID: <CAOdDvNowQ1Ud4kyWMchhw3nCv-Z3Hcyaw_9mcWOmQTheY96Wyw@mail.gmail.com>
To: Francisco Moraes <francisco.moraes@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Hi Francisco

On Tue, Nov 3, 2015 at 11:59 PM, Francisco Moraes <
francisco.moraes@gmail.com> wrote:

> Hi,
> I have a few questions from a server perspective when implementing http/2:
> 1. if http/2 is selected to be supported, TLS 1.2 is required, but that
> doesn't mean that the server cannot negotiate TLS 1.x with clients that are
> not talking h2. It would be a client error to negotiate TLS 1.1 for example
> if it wants to talk h2. Should the server close the connection is for some
> reason TLS 1.1 or 1.0 was negotiated for http/2?
The server makes the final choice of both application layer protocol and
tls version (subject to intersection with what the client offers). If it
cannot select >= 1.2 then it must not select h2. Doing so would be a 7540
violation and some clients are likely to generate INADEQUATE_SECURITY.
(Firefox will.) Falling back to h1 would be fine assuming some version of
tls is negotiated.

> 2. Appendix A of RFC 7540 lists a lot of ciphers that are black listed but
> the wording says the server MAY treat the negotiation of the ciphers with
> TLS 1.2 as a connection error. This doesn't imply that I should disallow
> those ciphers in my server configuration, but I have seen some of those
> ciphers cause an error on the client side (browser). What's the best
> practice here? Print a warning if those ciphers are used? Fail? Failing
> every single one of those ciphers leaves a very limited list of ciphers to
> be used.

Restricting the cipher list to the set of best practices is definitely the
point. If you have a h2 only server then you can just disable them - just
making them lowest priority generally does the trick in a server that needs
backwards compat with older h1 clients.
Received on Wednesday, 4 November 2015 00:29:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC