NPN / ALPN extensions callbacks don't allow handshake failure #188

@Scottmitch

The interface for the ALPN/NPN protocol selection callbacks and protocol selection notification callbacks does not allow for the handshake to fail. It is requested that the return value support for these methods be expanded to allow the handshake to fail. This may be desirable (and is explicitly called out in the ALPN specification) in the event there are no common protocols found during the selection process, or if the selected protocol is not acceptable.

For example:
ALPN RFC Section 3.2 specifies a new fatal alert definition no_application_protocol(120) which can be used. This is currently not defined in OpenSSL.

The NPN specification is not as explicit about the alert to be used in this case but it could just result in a generic handshake_failure alert (if the callbacks return the new failure value)?
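
An added example (not part of the original issue and not OpenSSL code) of the behaviour requested above: a server-side ALPN selection routine whose result can fail the handshake with no_application_protocol(120) when the two lists share no protocol. The function names, result codes, sample lists and the use of decode_error(50) for a malformed list are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ALERT_NO_APPLICATION_PROTOCOL 120 /* value quoted in the issue */
#define ALERT_DECODE_ERROR 50  /* assumption: alert used here for a malformed list */
#define LEN(a) (sizeof(a) - 1) /* drop the string literal's trailing NUL */
/* Hypothetical result codes for this sketch, not OpenSSL constants. */
enum alpn_result { ALPN_OK, ALPN_NO_OVERLAP, ALPN_MALFORMED };

/* Constructed sample lists in wire format: 1-byte length, then the name. */
static const unsigned char SERVER_PROTOS[] = "\x02h2\x08http/1.1";
static const unsigned char CLIENT_H1[] = "\x06spdy/3\x08http/1.1";
static const unsigned char CLIENT_OTHER[] = "\x06spdy/3";
static const unsigned char CLIENT_BAD[] = "\x09spdy"; /* length overruns the buffer */

/* Return 1 if every entry is non-empty and fits inside the buffer. */
static int alpn_list_valid(const unsigned char *l, size_t len) {
    if (len == 0) return 0;
    for (size_t i = 0; i < len; i += 1 + l[i])
        if (l[i] == 0 || l[i] > len - i - 1) return 0;
    return 1;
}

/* Server-preference selection: first server protocol the client also offers. */
enum alpn_result alpn_select(const unsigned char *srv, size_t srv_len,
                             const unsigned char *cli, size_t cli_len,
                             const unsigned char **out, unsigned char *out_len) {
    if (!alpn_list_valid(srv, srv_len) || !alpn_list_valid(cli, cli_len))
        return ALPN_MALFORMED;
    for (size_t i = 0; i < srv_len; i += 1 + srv[i])
        for (size_t j = 0; j < cli_len; j += 1 + cli[j])
            if (srv[i] == cli[j] && memcmp(srv + i + 1, cli + j + 1, srv[i]) == 0) {
                *out = cli + j + 1;
                *out_len = cli[j];
                return ALPN_OK;
            }
    return ALPN_NO_OVERLAP;
}

/* 0 means continue the handshake; any other value is the fatal alert to send. */
int alpn_alert_for(enum alpn_result r) {
    if (r == ALPN_OK) return 0;
    return r == ALPN_NO_OVERLAP ? ALERT_NO_APPLICATION_PROTOCOL : ALERT_DECODE_ERROR;
}

int main(void) {
    const unsigned char *p = NULL; unsigned char n = 0;
    enum alpn_result r = alpn_select(SERVER_PROTOS, LEN(SERVER_PROTOS), CLIENT_OTHER, LEN(CLIENT_OTHER), &p, &n);
    printf("result=%d alert=%d\n", r, alpn_alert_for(r));
    return 0;
}
```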
