W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Stricter TLS Usage in HTTP/2

From: Jason Greene <jason.greene@redhat.com>
Date: Thu, 5 Jun 2014 08:58:56 -0500
Cc: Cory Benfield <cory@lukasa.co.uk>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <8DB82252-6FA0-43AD-B9E8-1D03B3C6D0CF@redhat.com>
To: Yoav Nir <ynir.ietf@gmail.com>

On Jun 5, 2014, at 8:01 AM, Yoav Nir <ynir.ietf@gmail.com> wrote:

> We are abandoning NPN - an experimental extension used for nothing except negotiating SPDY, itself an experimental feature. Hopefully, but the time HTTP/2 is an RFC there will be a non-beta version of OpenSSL with ALPN. Regarding Java, I have no idea.

Iím on the Java EE EG, and I can tell you that Java EE8 plans to add APIs targeting HTTP/2 and that puts a priority on Java SE8 (the current release) to support everything needed. In the meantime, implementors will just add it themselves. Itís not that complicated IMO.

BTW I agree with the earlier comment that its a bad idea to go with NPN just because the libraries havenít caught up. It might be slightly painful at first, but its far worse to have the spec tied to a non-ratified extension. 

Finally NPN is just as ďinaccessible" as ALPN in Java ATM

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
Received on Thursday, 5 June 2014 13:59:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC