W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 5 Sep 2014 16:35:57 -0700
Message-ID: <CABkgnnWAdm1TLP2XCKNU-6RPACLfooQV73R7Gpoemv+9PNULCA@mail.gmail.com>
To: Greg Wilkins <gregw@intalio.com>
Cc: Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 5 September 2014 14:58, Greg Wilkins <gregw@intalio.com> wrote:
> I don't think it is acceptable for specifications to aggregate
> unsuccessfully like that.   Sure I can try to influence the development of
> ALPN in the JVM to support selection of cipher and protocol rather than just
> protocol - but that is not captured by an RFC.

You shouldn't have to.  Have you tried my suggestions at all?

> I'm happy to be intolerant of insecure ciphers.  If they are no good, let's
> just make them unacceptable.  Let's not discourage the use of h2.

As the draft explains, clients will still need to offer those insecure
ciphers for HTTP/1.1 backwards compatibility.
Received on Friday, 5 September 2014 23:36:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:37 UTC