Re: #612: 9.2.2 and ALPN

> On Nov 13, 2014, at 4:18 PM, Eric J. Bowman <eric@bisonsystems.net> wrote:
> 
> Top of my To-Not-Do list, is chiming in on 9.2.2; but oh, well...
> 
> Greg Wilkins <gregw@intalio.com> wrote:
>> 
>> Roy T. Fielding <fielding@gbiv.com> wrote:
>> 
>>> I don't think there is any scenario in which INADEQUATE_SECURITY
>>> needs to be sent.  A server that wanted to send it would have
>>> refused the TLS handshake (i.e., no good ciphers offered).  A
>>> server that doesn't want to send it isn't going to.  A client that
>>> does want to send it doesn't need to -- just drop the connection.
>>> A client that doesn't want to send it is just going to make use of
>>> the completed connection, either to send an HTTP/1 request or to
>>> ignore 9.2.2 and send h2.
>>> 
>> 
> 
> I have to agree with Roy on this one. Inadequate vs. Inappropriate is a
> moot point; I'd never send either, vs. closing the connection.

Assuming that receiving the error code generates a log, while RST-ing the connection is chalked up to a network glitch, it could provide information to the administrator to somehow reconfigure the server to make the logs go away.

Yoav

Received on Friday, 14 November 2014 02:40:56 UTC
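
The logging distinction raised in the reply above, as an added example that is not part of the original thread: a receiver that parses the peer's final bytes can log a GOAWAY carrying INADEQUATE_SECURITY as an actionable TLS configuration warning, while a bare reset yields no reason. It assumes the frame layout and the error code value 0xc from RFC 7540 as published; the function names and log wording are hypothetical.

```python
import struct

GOAWAY = 0x7                 # frame type (RFC 7540, section 6.8)
INADEQUATE_SECURITY = 0xC    # error code (RFC 7540, section 7)


def build_goaway(last_stream: int, code: int, debug: bytes = b"") -> bytes:
    """Construct a GOAWAY frame on stream 0 (used here to make sample input)."""
    payload = struct.pack(">II", last_stream & 0x7FFFFFFF, code) + debug
    header = len(payload).to_bytes(3, "big") + bytes([GOAWAY, 0]) + bytes(4)
    return header + payload


def parse_goaway(buf: bytes):
    """Return (last_stream_id, error_code, debug_data), or None if buf
    does not start with a complete, well-formed GOAWAY frame."""
    if len(buf) < 9:
        return None
    length = int.from_bytes(buf[0:3], "big")
    frame_type = buf[3]
    stream_id = int.from_bytes(buf[5:9], "big") & 0x7FFFFFFF
    # GOAWAY must be on stream 0 and carry at least 8 payload bytes.
    if frame_type != GOAWAY or stream_id != 0 or length < 8:
        return None
    if len(buf) < 9 + length:
        return None  # truncated frame: treat as no reason received
    payload = buf[9:9 + length]
    last_stream, code = struct.unpack(">II", payload[:8])
    return last_stream & 0x7FFFFFFF, code, payload[8:]


def classify_close(final_bytes: bytes, tcp_reset: bool) -> str:
    """Produce the log line for a connection that just ended."""
    frame = parse_goaway(final_bytes)
    if frame is not None and frame[1] == INADEQUATE_SECURITY:
        return ("WARN peer sent GOAWAY INADEQUATE_SECURITY (0xc): "
                "review negotiated TLS version and cipher suite")
    if frame is not None:
        return f"INFO peer sent GOAWAY error=0x{frame[1]:x}"
    if tcp_reset:
        return "INFO connection reset by peer (no reason given)"
    return "INFO connection closed"


if __name__ == "__main__":
    sample = build_goaway(0, INADEQUATE_SECURITY, b"constructed sample")
    print(classify_close(sample, tcp_reset=False))
    print(classify_close(b"", tcp_reset=True))
```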