Re: SNI requirement for H2

Does anyone recall why 6066 has no SNI for IP literals? (It could be an
empty SNI field or the SNI could indicate the IP literal)?

On Fri, Apr 3, 2015 at 11:37 AM, Nicholas Hurley wrote:

> All,
> While looking at I came
> to the realization that it appears we have (unintentionally) made it
> impossible to speak h2 when connecting directly to an IP address (as in, IP
> address typed into URL bar as opposed to hostname typed into URL bar) and
> remain compliant with both the h2 spec and RFC 6066. 6066 specifies that
> SNI is not to be sent for an IP literal, while h2 requires SNI. You can see
> the conflict.
> In node-http2, we have decided to relax the SNI requirement, and still
> speak h2 to clients that don't give us any SNI, under the assumption that
> this (IP in URL bar, or equivalent) is the case we are hitting. I had also
> filed a bug against Firefox to stop advertising h2 in the cases where we
> won't send SNI, but am rethinking that idea, as it was pointed out (rightly
> so) that a lot of test servers never have a hostname associated with them,
> and not being able to talk h2 to test servers seems like a Bad Idea :)
> FWIW, I checked Safari, Chrome, IE (11 on Windows 7), and Firefox. Both
> Safari and Chrome send SNI regardless of IP or hostname, so they will not
> run into this problem. IE and Firefox both send SNI only for hostnames (at
> least in the configurations I tested), so they will hit this problem.
> (Obvious caveat: non-Firefox browsers may have changed their behavior in
> later versions than I have access to, so of course my testing may not hold
> true in the future.)
> I talked briefly to Martin offline, and he says we may be able to get a
> clarification on this point during AUTH48 to (my words, now, not his)
> perhaps relax this restriction, or at least make it clear that you probably
> don't need to require SNI in a testing situation, in order to avoid this
> problem.
> Thoughts?

Received on Friday, 3 April 2015 19:07:03 UTC
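
The conflict described in the thread, worked through as an added example (not code from node-http2 or from any participant): a client that follows RFC 6066 omits SNI for IP literals, and a server that requires SNI for h2 then cannot speak h2 to it. The function names, the 'strict'/'relaxed' policy labels, the 'no-h2' result and the sample hosts are assumptions made for illustration.

```javascript
// Added example; all names and the sample hosts below are hypothetical.

// A DNS hostname cannot contain ':', so any colon marks an IPv6 literal.
function isIpLiteral(host) {
  const h = host.replace(/^\[|\]$/g, '');      // strip URL brackets: [::1]
  if (h.includes(':')) return true;
  const parts = h.split('.');
  return parts.length === 4 &&
    parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

// Client side. RFC 6066: no literal IPv4/IPv6 address in HostName, and no
// trailing dot. Returns undefined when no SNI is sent. sendForIpLiterals
// models the clients reported in the thread as sending SNI regardless.
function sniFor(host, sendForIpLiterals = false) {
  if (isIpLiteral(host)) {
    return sendForIpLiterals ? host.replace(/^\[|\]$/g, '') : undefined;
  }
  return host.replace(/\.$/, '').toLowerCase();
}

// Server side. 'strict' requires SNI before speaking h2; 'relaxed' is the
// choice described for node-http2. How a strict server fails (error or
// fallback) is not stated in the thread, so it is reported as 'no-h2'.
function negotiate(alpnOffered, sni, policy) {
  if (!alpnOffered.includes('h2')) return 'http/1.1';
  if (sni === undefined && policy === 'strict') return 'no-h2';
  return 'h2';
}

// Constructed targets: a hostname and two documentation-range addresses.
function matrix() {
  const rows = [];
  for (const host of ['www.example.com.', '192.0.2.10', '[2001:db8::1]']) {
    for (const sendForIp of [false, true]) {
      for (const policy of ['strict', 'relaxed']) {
        const sni = sniFor(host, sendForIp);
        rows.push({ host, sendForIp, policy, sni,
                    result: negotiate(['h2', 'http/1.1'], sni, policy) });
      }
    }
  }
  return rows;
}

console.table(matrix());
```

Only the rows combining an IP literal, an RFC 6066 client and the strict policy end in 'no-h2', which is the test-server case the thread is concerned about.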