W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: How to handle HTTP/2 negotiation failure WRT TLS

From: Patrick McManus <mcmanus@ducksong.com>
Date: Mon, 3 Feb 2014 10:43:11 -0500
Message-ID: <CAOdDvNqRHo5pAH8_39-eUch-vtSq-=YHQnbzSMoS=90pD2pNqg@mail.gmail.com>
To: William Chan (陈智昌) <willchan@chromium.org>
Cc: Martin Thomson <martin.thomson@gmail.com>, Brian Smith <brian@briansmith.org>, Michael Sweet <msweet@apple.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Sat, Feb 1, 2014 at 4:42 PM, William Chan (陈智昌) <willchan@chromium.org>wrote:

> It's not clear to me what "this wasn't an issue" means. I'm guessing
> that means that what we have in the spec is OK and it's not necessary
> to discuss how to handle negotiation failure and just let
> implementations figure it out. That's fine by me.
>
> I observe that as per
>
> http://dxr.mozilla.org/mozilla-central/source/netwerk/protocol/http/Http2Session.cpp
> ,
> Firefox appears to hard fail. And my inclination is to enforce the
> same policy in Chromium. This will affect other implementations that
> wish to interoperate with these browsers.
>
>
This seems like a no brainer to me.

HTTP/2 is negotiated via ALPN. If the server selects HTTP/2 and also does
something that is non-compliant with HTTP/2 that's a protocol error, not a
negotiation error.

afaict, failing to use TLS 1.2 is an example that isn't really any
different than sending a data frame > 14bits long. HTTP/2 has rules - if
you can't follow them then run a different protocol, right?



> want me/Chromium to share half-baked thoughts on stuff, that's fine
> and I will stop sharing them. Sorry for the noise.
>
>
phhhbt.
Received on Monday, 3 February 2014 15:43:40 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC