Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

The TLS library is enabling it - the client "gets it for free" unless it goes out of its way to pick a list of cipher suites it wants to use (whitelist) or removes a list of cipher suites that is doesn't want to use (blacklist). But until HTTP/2 no HTTP client has had to specify acceptable cipher suites...

Sent from my iPad

> On Sep 24, 2014, at 2:26 AM, Martin Thomson <> wrote:
>> On 24 September 2014 02:23, Simone Bordet <> wrote:
>> A polyglot client that can speak multiple protocols (e.g. h1, h2)
>> cannot just disable ciphers globally only because one of those
>> protocols has special needs, also considering the client has no idea
>> what protocol will be chosen.
> But a polyglot can ensure that it understands the implications of
> enabling suite X before it does so.  For all of the protocols it
> speaks.

Received on Wednesday, 24 September 2014 13:27:38 UTC