W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Stricter TLS Usage in HTTP/2

From: Patrick McManus <mcmanus@ducksong.com>
Date: Wed, 4 Jun 2014 08:24:20 -0400
Message-ID: <CAOdDvNofkQS6GM5BSQeH9ajQ=ZJjCVN5-UoYDzbBf96vZsznBQ@mail.gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, William Chan (陈智昌) <willchan@chromium.org>, HTTP Working Group <ietf-http-wg@w3.org>, Adam Langley <agl@google.com>
On Wed, Jun 4, 2014 at 12:05 AM, Yoav Nir <ynir.ietf@gmail.com> wrote:

> As for the proposal itself, the HTTP version is negotiated in the same
> ClientHello as the list of supported ciphersuites. Making the chosen
> ciphersuite depend on the version of HTTP selected introduces some new
> logic to TLS. I don’t think this should be added to the HTTP spec.



making the chosen ciphersuite depend on the version of HTTP selected is
already a requirement of HTTP2. The proposal here is about a change to that
criteria. Section 9.2
Received on Wednesday, 4 June 2014 12:24:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC