- From: Stefan Eissing <stefan.eissing@greenbytes.de>
- Date: Fri, 16 Oct 2015 13:28:27 +0200
- To: HTTP Working Group <ietf-http-wg@w3.org>
A question regarding interworking and ALPN + ciphers: During ALPN callbacks by popular SSL libs such as openssl, the cipher has/may not have been selected. This is a potential interworking problem when h2 is proposed, only to have the connection shutdown with INADEQUATE_SECURITY afterwards. I am not certain if this is depending on the order TLS extensions appear in the client hello or the particular openssl implementation. Potentially, I could try to change the cipher list during the ALPN callback, but if that will influence things, is probably also not well defined. This you get, when you mix layers, I assume. I am not sure what is the best way to address this. Limiting the cipher list to only highest grade is often not an option for a server. Any advice appreciated. //Stefan
Received on Friday, 16 October 2015 11:28:57 UTC