Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

On 22 September 2014 15:55, Mark Nottingham <> wrote:
> One thing that I’ve heard is requiring clients to offer the “good” suites first, to promote interop. Does anyone see a downside to doing that?

It would definitely solve Greg's issue with Java <= 7.

The only case where this wouldn't work is where clients are unable to
alter the priority order of cipher suites.  I don't know if any of
those exist; I haven't met one yet, though I anticipate an
introduction shortly...  The worst failure mode here results in a
fallback - once you discover that the server supports HTTP/2, you can
kill off the bad suites and try again.

That seems to be the only concrete technical concern I've seen raised
in the discussion.  I think that Eric has addressed most of the
process concerns.

Received on Tuesday, 23 September 2014 09:16:56 UTC