Re: 2 questions

On 30 March 2015 at 08:03, Yoav Nir <> wrote:
> Not quite. ALPN is carefully engineered to play nice with MitM. The MitM that are installed now (and for the last 8 years) will easily strip the ALPN extension and downgrade client and server to HTTP/1.

I'm sure that this statement makes some people very sad.

That said, I can't see how a box that is able to MitM TLS can be
prevented from doing more than ALPN stripping.  If the client trusts
it, then it's got carte blanche access.

Received on Monday, 30 March 2015 17:56:38 UTC