Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

On Sep 23, 2014 6:48 AM, "Willy Tarreau" <w@1wt.eu> wrote:

> I think it's not easy to tell what will exist in the future, however we
> can exhaustively list what existing ciphers we don't want to support. Thus,
> shouldn't we instead enumerate a list of properties that are incompatible
> with HTTP/2?

That is precisely what 9.2.2. does:

* MUST ephemeral

* MUST NOT block or stream cipher

The only other piece in 9.2.2 is dealing with the consequences of that.
Since we prohibit the "MUST implement" suite in TLS 1.2, we defined a new
one so that we don't end up with mutually exclusive sets.

(Seems like everyone is on a plane, one wonders if there is something
going on.)

Received on Tuesday, 23 September 2014 08:07:11 UTC
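
Added example, not part of the original message or of the HTTP/2 draft: a sketch of checking cipher suites against the two properties listed in the reply (ephemeral key exchange; neither block nor stream cipher, which in TLS 1.2 terms leaves AEAD). It assumes suites are given by their IANA registry names; the function names and the sample offer are constructed for illustration.

```python
import re

# Assumption: TLS 1.2-style IANA names, TLS_<key exchange>_WITH_<cipher>[_<hash>].
_NAME = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<cipher>.+)$")
# TLS 1.2 has three cipher types: stream, block (CBC) and AEAD.
_AEAD_MARKERS = ("_GCM", "_CCM", "CHACHA20_POLY1305")


def check_suite(name):
    """Return the list of properties the suite violates (empty list = acceptable)."""
    m = _NAME.match(name)
    if not m:
        return ["unparseable name"]
    problems = []
    kx, cipher = m.group("kx"), m.group("cipher")
    # Property 1: key exchange must be ephemeral (DHE_* or ECDHE_*).
    if not kx.startswith(("DHE_", "ECDHE_")):
        problems.append("key exchange is not ephemeral")
    # Property 2: cipher must not be a block or stream cipher.
    if not any(marker in cipher for marker in _AEAD_MARKERS):
        kind = "stream" if ("RC4" in cipher or "NULL" in cipher) else "block"
        problems.append(kind + " cipher, not AEAD")
    return problems


def acceptable(offer):
    """Keep only the suites from an offered list that satisfy both properties."""
    return [name for name in offer if not check_suite(name)]


# Constructed sample offer.
SAMPLE_OFFER = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",           # TLS 1.2 mandatory-to-implement (RFC 5246)
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",         # ephemeral, but stream cipher
    "TLS_RSA_WITH_AES_128_GCM_SHA256",        # AEAD, but static RSA key exchange
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # ephemeral and AEAD
]

if __name__ == "__main__":
    for suite in SAMPLE_OFFER:
        print(suite, "->", check_suite(suite) or "ok")
```

The TLS 1.2 mandatory-to-implement suite fails both checks, which is the mutual-exclusion problem the reply says the new mandatory suite was defined to avoid.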