- From: Francisco Moraes <francisco.moraes@gmail.com>
- Date: Tue, 3 Nov 2015 09:59:20 -0500
- To: ietf-http-wg@w3.org
Hi,

I have a few questions from a server perspective when implementing http/2:

1. If http/2 is selected to be supported, TLS 1.2 is required, but that doesn't mean that the server cannot negotiate TLS 1.x with clients that are not talking h2. It would be a client error to negotiate TLS 1.1, for example, if it wants to talk h2. Should the server close the connection if for some reason TLS 1.1 or 1.0 was negotiated for http/2?

2. Appendix A of RFC 7540 lists a lot of ciphers that are blacklisted, but the wording says the server MAY treat the negotiation of the ciphers with TLS 1.2 as a connection error. This doesn't imply that I should disallow those ciphers in my server configuration, but I have seen some of those ciphers cause an error on the client side (browser). What's the best practice here? Print a warning if those ciphers are used? Fail? Failing every single one of those ciphers leaves a very limited list of ciphers to be used.

Francisco
Received on Tuesday, 3 November 2015 14:59:54 UTC
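An added example, not part of the original message or of any server's code: a post-handshake check in Go that applies the two conditions the message asks about, with a switch between warning and failing on a blacklisted suite. `Verdict`, `CheckH2`, `looksBlacklisted` and `strictCiphers` are hypothetical names, and the suite test is a heuristic built from the criteria Appendix A states for its list, not the list itself.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

type Verdict int // this example's own result type, not an RFC term

const (
	Accept Verdict = iota // nothing to report
	Warn                  // log it, keep the connection
	Reject                // connection error INADEQUATE_SECURITY (0xc)
)

// looksBlacklisted approximates Appendix A's stated criteria: no ephemeral
// key exchange, or a null/stream/block cipher. Heuristic on the IANA name.
func looksBlacklisted(id uint16) bool {
	n := tls.CipherSuiteName(id)
	ephemeral := strings.HasPrefix(n, "TLS_ECDHE_") || strings.HasPrefix(n, "TLS_DHE_")
	aead := strings.Contains(n, "_GCM_") || strings.Contains(n, "_CCM") ||
		strings.Contains(n, "CHACHA20_POLY1305")
	return !ephemeral || !aead
}

// CheckH2 inspects a finished handshake. strictCiphers picks between the two
// options the message raises for blacklisted suites: fail, or only warn.
func CheckH2(cs tls.ConnectionState, strictCiphers bool) (Verdict, string) {
	if cs.NegotiatedProtocol != "h2" {
		return Accept, "not h2: RFC 7540 TLS rules do not apply"
	}
	if cs.Version < tls.VersionTLS12 {
		// Section 9.2 permits terminating; doing so is this example's choice.
		return Reject, "h2 negotiated below TLS 1.2"
	}
	if cs.Version == tls.VersionTLS12 && looksBlacklisted(cs.CipherSuite) {
		reason := "blacklisted suite " + tls.CipherSuiteName(cs.CipherSuite)
		if strictCiphers {
			return Reject, reason
		}
		return Warn, reason
	}
	return Accept, "ok"
}

func main() {
	// Constructed handshake result, not captured traffic.
	cs := tls.ConnectionState{NegotiatedProtocol: "h2", Version: tls.VersionTLS12, CipherSuite: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}
	fmt.Println(CheckH2(cs, false))
}
```

The check runs on the negotiated ALPN protocol, so HTTP/1.1 clients on TLS 1.0 or 1.1 and on older suites are left alone.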