- From: Stuart Douglas <stuart.w.douglas@gmail.com>
- Date: Fri, 19 Sep 2014 16:31:51 +1000
- To: Willy Tarreau <w@1wt.eu>
- CC: Cory Benfield <cory@lukasa.co.uk>, Greg Wilkins <gregw@intalio.com>, Martin Thomson <martin.thomson@gmail.com>, Brian Smith <brian@briansmith.org>, Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, HTTP Working Group <ietf-http-wg@w3.org>
>
> Just like Roy, I won't implement any such control and will leave it to
> the admin to configure the proper ciphers for this, because this is the
> correct thing to do.

For what it is worth I also won't be implementing this in Undertow/Wildfly, and leaving it up to the admin to control the allowed cyphers. If this unfortunate clause does make it into the final spec then I may introduce some kind of strict option that makes a best effort guess as to what protocols should be allowed (which on Java 7 will be zero).

Another thing I really don't like about this section that Greg has already alluded to is that it assumes that TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 will remain a strong and unbroken cypher for the life of the HTTP2 spec. If this spec has anywhere near the longevity of HTTP1 there is a non-zero chance this will not be true.

Stuart

>
> Willy
>

Received on Friday, 19 September 2014 06:32:24 UTC