Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

On Fri, Sep 5, 2014 at 6:56 AM, Greg Wilkins <> wrote:

> If the ciphers are inadequate for h2, then why aren't they inadequate for
> http/1, spdy and
> other protocols the ALPN might list?

they might well be inadequate for all those protocols, but we accept them
for the sake of backwards compatibility. (basically the same reason we
accept http:// urls at all).

h2 is an opportunity to update to current best practice. If you design a
pure h2 service you can be more confident in its security properties.

Received on Friday, 5 September 2014 12:05:32 UTC