Editorial changes

httpwg · Sep 26, 2014 · c0a197a · c0a197a
1 parent 57669b0
commit c0a197a
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/draft-ietf-httpbis-http2.xml b/draft-ietf-httpbis-http2.xml
@@ -3662,14 +3662,16 @@ HTTP2-Settings    = token68
         <section title="TLS Cipher Suites">
           <t>
             The set of TLS 1.2 cipher suites that are permitted in HTTP/2 is restricted.  HTTP/2
-            MUST only be used with cipher suites that have ephemeral key exchange, such as the <xref
+            MUST only be used with cipher suites that permit ephemeral key exchange, such as the <xref
             target="TLS12">ephemeral Diffie-Hellman (DHE)</xref> or the <xref
             target="RFC4492">elliptic curve variant (ECDHE)</xref>.  Ephemeral key exchange MUST
             have a minimum size of 2048 bits for DHE or security level of 128 bits for ECDHE.
-            Clients that offer DHE-based suites MUST accept DHE sizes of up to 4096 bits.  HTTP MUST
-            NOT be used with cipher suites that use stream or block ciphers.  Authenticated
-            Encryption with Additional Data (AEAD) modes, such as the <xref target="RFC5288">Galois
-            Counter Model (GCM) mode for AES</xref> are acceptable.
+            Clients that offer DHE-based suites MUST accept DHE sizes of up to 4096 bits.
+          </t>
+          <t>
+            HTTP/2 MUST NOT be used with cipher suites that use stream or block ciphers.
+            Authenticated Encryption with Additional Data (AEAD) modes, such as the <xref
+            target="RFC5288">Galois Counter Model (GCM) mode for AES</xref> are acceptable.
           </t>
           <t>
             The effect of these restrictions is that TLS 1.2 implementations could have