Re: Expectations for TLS session reuse

On Thu, Dec 22, 2016 at 7:25 AM, Richard Bradbury <> wrote:

> the position is the same for HTTP/1.1 as it is for HTTP/2

I don't think this is true. H1 is governed by 7230 section 9.. in practice
it is a connection per origin:

 The "https" scheme (Section 2.7.2
<>) is intended to
prevent (or at
   least reveal) many of these potential attacks on establishing
   authority, provided that the negotiated TLS connection is secured and
   the client properly verifies that the communicating server's identity
   matches the target URI's authority component (see [RFC2818

whereas H2 loosens that a little bit for coalescing in 7540.

Received on Thursday, 22 December 2016 15:39:34 UTC