- From: Greg Wilkins <gregw@intalio.com>
- Date: Sun, 12 Oct 2014 09:13:44 +1100
- To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Received on Saturday, 11 October 2014 22:14:12 UTC
On 11 October 2014 19:35, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote: > The whole point is that after TLS stack has negotiated XYZ, the server > can't reject it anymore without interop. failure against correct client > implementation unless the server actually knows it is not 9.2.2.-acceptable Ilari, OK I get what you are illustrating now. Yes it is indeed a problem to implement 9.2.2 at all if the server cannot influence the selection of the cipher. But this is an argument against having 9.2.2 at all - as this is a problem that results from making protocol specific cipher requirements in environments where the protocol implementation is not party to the cipher negotiation. Indeed if the client only offers h2, and XYZ and the server has got XYZ in it cipher suites that the TLS layer can accept, but then decides that XYZ is not h2 acceptable - then it is in a mess. But that problem exists regardless of my proposal for a retry. The solution to that problem is to not have protocol specific cipher requirements - I'm fully OK with that! regards -- Greg Wilkins <gregw@intalio.com> @ Webtide - *an Intalio subsidiary* http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
Received on Saturday, 11 October 2014 22:14:12 UTC