W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Stricter TLS Usage in HTTP/2

From: Cory Benfield <cory@lukasa.co.uk>
Date: Wed, 4 Jun 2014 17:18:20 +0100
Message-ID: <CAH_hAJGT7Or=WC9y3ATr3=bGbLUn+C=j8hM1fVDZ-J9sEPGVmw@mail.gmail.com>
To: "Richard Wheeldon (rwheeldo)" <rwheeldo@cisco.com>
Cc: Patrick McManus <mcmanus@ducksong.com>, Yoav Nir <ynir.ietf@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, William Chan (ι™ˆζ™Ίζ˜Œ) <willchan@chromium.org>, HTTP Working Group <ietf-http-wg@w3.org>, Adam Langley <agl@google.com>
On 4 June 2014 16:42, Richard Wheeldon (rwheeldo) <rwheeldo@cisco.com> wrote:
> - I think we need to be stronger on the use of ALPN. Maybe "Implementations of HTTP/2 MUST support ALPN on all TLS connections" under 9.2? There's a server requirement under 3.4 but unless I'm mistaken no hard requirement on the client.

This is a pain in the neck on platforms relying on OpenSSL. There's
_no_ Python version or package that makes ALPN available at this point
in time. This is in part because OpenSSL only has ALPN support in
beta. It's already the case that Twisted cannot be a conforming HTTP/2
server at the moment, let's not torpedo Python HTTP/2 clients as well.

Is there any reason NPN isn't good enough?
Received on Wednesday, 4 June 2014 16:18:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC