Re: http/2 and TLS security

On Wed, Nov 4, 2015 at 11:18 PM, Francisco Moraes <
francisco.moraes@gmail.com> wrote:

> But during the ALPN callback, as far as I can tell, OpenSSL still has not
> selected a cipher nor protocol,


so NSS required a little work to make the equivalent of SSL_get_version()
work during the ALPN callback. Is this something that should be pursued in
the OpenSSL bug tracker? (Have you double checked that?) It's more of an
open source implementation thing than a working group item..

in practice the client shouldn't be offering h2 if it isn't also offering
1.2 so this shouldn't come up as long as you're configured to
unconditionally prefer 1.2.. weird behavior should be limited to clients
that made nonsensical offers.

Received on Thursday, 5 November 2015 01:16:41 UTC