New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ALPN support for TLS #64387
Comments
In bpo-14204, support for NPN was added. Subsequently, NPN has been superseded by ALPN in the IETF, and support for it is coming in OpenSSL 1.0.2. http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg |
HTTP/2 requires ALPN, BTW. |
Updating to mention a concern with ALPN implementation. HTTP/2 requires that a cipher with AEAD be negotiated. However, it also allows for offering a wider range of cipher suites: if an AEAD cipher is not present, this will allow fallback to HTTP/1.1. There's some interplay between ALPN and cipher selection here. We'll want to ensure that either ALPN negotiation can inform cipher selection or vice-versa, or writing a Python HTTP/2 server will get tricky fast. |
Updating to note that OpenSSL 1.0.2 has been released0, which makes this feature supportable. |
Thanks. Now it needs someone to submit a patch. |
Here you are. |
Why is that "3.4.3"? |
On Fri, Jan 23, 2015, at 15:33, Antoine Pitrou wrote:
I wrote the patch on the 3.4 branch. |
Well, sure, but that means you plan to make it available in 3.4.3? Why is that? |
On Fri, Jan 23, 2015, at 15:36, Antoine Pitrou wrote:
No, I'll apply it to 3.5. |
Here's the fixed 3.5 patch. |
update after review comments |
New changeset be9fe0c66075 by Benjamin Peterson in branch 'default': New changeset 7ce67d3f0908 by Benjamin Peterson in branch '2.7': |
_ssl cannot be compiled with LibreSSL anymore (on OpenBSD 5.5) because of ALPN: see issue bpo-23329. |
_ssl.c cannot be compiled with pre-NPN versions of OpenSSL: see bpo-23335. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: