| msg207660 - (view) |
Author: Mark Nottingham (mnot) |
Date: 2014-01-08 03:52 |
| In #14204, support for NPN was added. Subsequently, NPN has been superseded by ALPN in the IETF, and support for it is coming in OpenSSL 1.0.2. http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg http://rt.openssl.org/Ticket/Display.html?id=3073 http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=NEWS |
|
|
| msg223998 - (view) |
Author: Mark Nottingham (mnot) |
Date: 2014-07-25 20:38 |
| HTTP/2 requires ALPN, BTW. |
|
|
| msg226479 - (view) |
Author: Cory Benfield (Lukasa) * |
Date: 2014-09-06 09:18 |
| Updating to mention a concern with ALPN implementation. HTTP/2 requires that a cipher with AEAD be negotiated. However, it also allows for offering a wider range of cipher suites: if an AEAD cipher is not present, this will allow fallback to HTTP/1.1. There's some interplay between ALPN and cipher selection here. We'll want to ensure that either ALPN negotiation can inform cipher selection or vice-versa, or writing a Python HTTP/2 server will get tricky fast. |
|
|
| msg234503 - (view) |
Author: Cory Benfield (Lukasa) * |
Date: 2015-01-22 17:12 |
| Updating to note that OpenSSL 1.0.2 has been released[0], which makes this feature supportable. [0]: https://mta.openssl.org/pipermail/openssl-announce/2015-January/000019.html |
|
|
| msg234523 - (view) |
Author: Antoine Pitrou (pitrou) *  |
Date: 2015-01-22 22:57 |
| Thanks. Now it needs someone to submit a patch. |
|
|
| msg234577 - (view) |
Author: Benjamin Peterson (benjamin.peterson) * |
Date: 2015-01-23 20:32 |
| Here you are. |
|
|
| msg234578 - (view) |
Author: Antoine Pitrou (pitrou) * |
Date: 2015-01-23 20:33 |
| Why is that "3.4.3"? |
|
|
| msg234579 - (view) |
Author: Benjamin Peterson (benjamin.peterson) * |
Date: 2015-01-23 20:36 |
| On Fri, Jan 23, 2015, at 15:33, Antoine Pitrou wrote: > > Antoine Pitrou added the comment: > > Why is that "3.4.3"? I wrote the patch on the 3.4 branch. |
|
|
| msg234580 - (view) |
Author: Antoine Pitrou (pitrou) * |
Date: 2015-01-23 20:36 |
| Well, sure, but that means you plan to make it available in 3.4.3? Why is that? |
|
|
| msg234582 - (view) |
Author: Benjamin Peterson (benjamin.peterson) * |
Date: 2015-01-23 20:39 |
| On Fri, Jan 23, 2015, at 15:36, Antoine Pitrou wrote: > > Antoine Pitrou added the comment: > > Well, sure, but that means you plan to make it available in 3.4.3? Why is > that? No, I'll apply it to 3.5. |
|
|
| msg234583 - (view) |
Author: Benjamin Peterson (benjamin.peterson) * |
Date: 2015-01-23 20:46 |
| Here's the fixed 3.5 patch. |
|
|
| msg234584 - (view) |
Author: Benjamin Peterson (benjamin.peterson) * |
Date: 2015-01-23 21:07 |
| update after review comments |
|
|
| msg234586 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2015-01-23 21:43 |
| New changeset be9fe0c66075 by Benjamin Peterson in branch 'default': add support for ALPN (closes #20188) https://hg.python.org/cpython/rev/be9fe0c66075 New changeset 7ce67d3f0908 by Benjamin Peterson in branch '2.7': pep 466 backport of alpn (#20188) https://hg.python.org/cpython/rev/7ce67d3f0908 |
|
|
| msg234816 - (view) |
Author: STINNER Victor (vstinner) * |
Date: 2015-01-27 10:16 |
| _ssl cannot be compiled with LibreSSL anymore (on OpenBSD 5.5) because of ALPN: see issue #23329. |
|
|
| msg234872 - (view) |
Author: Ned Deily (ned.deily) * |
Date: 2015-01-28 04:22 |
| _ssl.c cannot be compiled with pre-NPN versions of OpenSSL: see Issue23335. |
|
|