- From: Greg Wilkins <gregw@intalio.com>
- Date: Sun, 5 Apr 2015 18:21:27 +1000
- To: Nicholas Hurley <hurley@mozilla.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Received on Sunday, 5 April 2015 08:21:58 UTC
On 4 April 2015 at 05:37, Nicholas Hurley <hurley@mozilla.com> wrote: > while h2 requires SNI My reading of the spec is that h2 requires SNI to be supported, but I can't see where it says that a server must reject a connection that does not provide SNI? We've only just implemented our SNI support in jetty and we certainly have not tied it to h2 in anyway. If your key store has multiple certificates, then a provided SNI will be used to select which certificate to use and if there are none matching the connection is refused. This is entirely separate from our ALPN negotiation and I don't see where the spec requires us to tie them together (actually with the java 8 impl of SNI is was hard enough to tie the SNI name acceptance to the certificate selection)! So hopefully the clarification is just saying that required to support is not the same as required to use. cheers -- Greg Wilkins <gregw@intalio.com> @ Webtide - *an Intalio subsidiary* http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
Received on Sunday, 5 April 2015 08:21:58 UTC