-
Notifications
You must be signed in to change notification settings - Fork 518
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve ALPN support #108
Comments
The current design allows for multiple ALPNs to be used on the server side by creating multiple listeners in different sessions (one for each ALPN). Since each listener only registers for a single ALPN, you know which ALPN is negotiated based on which listener is given the NEW_CONNECTION. The AlpnList here is in TLS format, and does contain the full list. Besides that, I generally agree with all your other statements. It's been on my TODO list for some time to clean up how we deal with ALPNs at the API layer. |
Great, that just need documentation then.
Can you have multiple listeners on the same IP+port? This model precludes allowing the server to make a dynamic decision about ALPNs after receiving the Client Hello, such as using a different ALPN depending on the SNI information. |
Yes, for the same process you can unlimited listeners (for different/unique ALPNs) on the same IP+port. We don't currently support cross-process sharing of the IP+port though.
Correct. It is not a goal to be able to pick the ALPN as a result of the requested SNI. The listener is first chosen from the currently registered based on the connection's requested IP, UDP port and ALPN list. Once the listener is chosen, the NEW_CONNECTION event is delivered and then the listener can decide which certificate to provide. To add SNI to the mix would complicate the transport logic considerably. |
I understand that's the current design and we're not blocked by it, but expect customers to ask for dynamic ALPN at some point, they've already asked for every other setting to be dynamic. What kind of diagnostics does the app get if a new connection does not match any registered ALPNs? |
The (server) app is not directly informed of any failed connection attempts due to requests for unregistered ALPNs. This follows the similar pattern of not informing the server of an attempt to connect to a UDP port it wasn't listening to.
As far as supporting dynamic ALPN support, that would greatly complicate the design msquic currently has, and I'd push back hard until a real good reason for supporting this was provided. |
ALPN support is present but incomplete in the current implementation:
The text was updated successfully, but these errors were encountered: