Re: SNI requirement for H2

On 4 April 2015 at 05:37, Nicholas Hurley <> wrote:

> while h2 requires SNI

My reading of the spec is that h2 requires SNI to be supported, but I can't
see where it says that a server must reject a connection that does not
provide SNI?

We've only just implemented our SNI support in jetty and we certainly have
not tied it to h2 in anyway.   If your key store has multiple certificates,
then a provided SNI will be used to select which certificate to use and if
there are none matching the connection is refused.

This is entirely separate from our ALPN negotiation and I don't see where
the spec requires us to tie them together (actually with the java 8 impl of
SNI is was hard enough to tie the SNI name acceptance to the certificate

So hopefully the clarification is just saying that required to support is
not the same as required to use.


Greg Wilkins <>  @  Webtide - *an Intalio subsidiary* HTTP, SPDY, Websocket server and client that scales  advice and support for jetty and cometd.

Received on Sunday, 5 April 2015 08:21:58 UTC