- From: Jason Greene <jason.greene@redhat.com>
- Date: Thu, 6 Nov 2014 13:32:04 -0600
- To: Greg Wilkins <gregw@intalio.com>
- Cc: Mark Nottingham <mnot@mnot.net>, Patrick McManus <mcmanus@ducksong.com>, Mike Bishop <Michael.Bishop@microsoft.com>, HTTP Working Group <ietf-http-wg@w3.org>
> On Nov 6, 2014, at 1:31 PM, Jason Greene <jason.greene@redhat.com> wrote:
>
>> On Nov 6, 2014, at 1:52 AM, Greg Wilkins <gregw@intalio.com> wrote:
>>
>> On 6 November 2014 16:26, Jason Greene <jason.greene@redhat.com> wrote:
>>>
>>> Hi Greg, can you take a look at the small proposal I sent a few days ago. I think it's closer to what you are looking for:
>>> https://github.com/http2/http2-spec/pull/639/files
>>
>> Jason,
>>
>> your proposal says:
>>
>> + latency imposed by using a separate connection for fallback. Prohibited cipher suites
>> + MUST be advertised at a lower preference than permitted cipher suites.
>>
>> I don't think ordering helps as there may be no ciphers in intersection of client/server h2 acceptable cipher sets (as was the case when I ran jetty on java 7). Without a robust handshake, it is impossible for a server to know at what point in the list of offered ciphers the weak fallback ciphers begin. Many servers will never even see the list and will just see the negotiated cipher.
>
> Assuming the ordering aspect was actually implementable, which it seems not,

That should read “universally implementable”.

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat

Received on Thursday, 6 November 2014 19:32:38 UTC