W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Michael Sweet <msweet@apple.com>
Date: Wed, 24 Sep 2014 06:27:09 -0700
Message-id: <537DD91E-B7F5-4C85-880B-5D384B69007A@apple.com>
Cc: Simone Bordet <simone.bordet@gmail.com>, Eric Rescorla <ekr@rtfm.com>, Roland Zink <roland@zinks.de>, HTTP Working Group <ietf-http-wg@w3.org>
To: Martin Thomson <martin.thomson@gmail.com>
The TLS library is enabling it - the client "gets it for free" unless it goes out of its way to pick a list of cipher suites it wants to use (whitelist) or removes a list of cipher suites that is doesn't want to use (blacklist). But until HTTP/2 no HTTP client has had to specify acceptable cipher suites...

Sent from my iPad

> On Sep 24, 2014, at 2:26 AM, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
>> On 24 September 2014 02:23, Simone Bordet <simone.bordet@gmail.com> wrote:
>> A polyglot client that can speak multiple protocols (e.g. h1, h2)
>> cannot just disable ciphers globally only because one of those
>> protocols has special needs, also considering the client has no idea
>> what protocol will be chosen.
> 
> But a polyglot can ensure that it understands the implications of
> enabling suite X before it does so.  For all of the protocols it
> speaks.
> 
Received on Wednesday, 24 September 2014 13:27:38 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC