Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

> Just like Roy, I won't implement any such control and will leave it to
> the admin to configure the proper ciphers for this, because this is the
> correct thing to do.

For what it is worth I also won't be implementing this in 
Undertow/Wildfly, and leaving it up to the admin to control the allowed 
cyphers. If this unfortunate clause does make it into the final spec 
then I may introduce some kind of strict option that makes a best effort 
guess as to what protocols should be allowed (which on Java 7 will be zero).

Another thing I really don't like about this section that Greg has 
already alluded to is that it assumes that 
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 will remain a strong and unbroken 
cypher for the life of the HTTP2 spec. If this spec has anywhere near 
the longevity of HTTP1 there is a non-zero chance this will not be true.


> Willy

Received on Friday, 19 September 2014 06:32:24 UTC