Hi,

On Mon, May 25, 2015 at 12:08 PM, Michael McMahon <michael.x.mcma...@oracle.com> wrote:
> Hi Brad,
>
> A couple of initial comments/questions.
>
> 1) Certificate selection is one feature envisaged by ALPN. ie a client or a
> server
> ought to be able to choose a different certificate depending on the
> application name
> that gets negotiated. Is that possible with this API?

Interesting.

I can definitely see choosing the ALPN protocol based on the SNI name sent by the client.
For example, a server able to speak http/1.1 and h2 receiving a request for http1.domain.com wants to force http/1.1.
This would be possible, IIUC, using sslEngine.getHandshakeSession().getRequestedServerNames() in the ApplicationProtocolSelector implementation.

I see choosing the certificate given the application protocol as less common, but I understand it's mentioned in RFC 7301.

ALPN definitely needs the cipher to be negotiated to support HTTP/2, so I hope it's not a chicken-egg problem.

-- 
Simone Bordet
http://bordet.blogspot.com
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless. Victoria Livschitz
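
The SNI-driven protocol choice described in the message above, as an added example that is not part of the original message or of the API draft under review. It uses SSLEngine.setHandshakeApplicationProtocolSelector from Java 9 and later instead of the draft ApplicationProtocolSelector interface. The class name, the HTTP1_ONLY policy set and www.domain.com are assumptions, and it assumes the SNI names are already visible in the handshake session when the selector runs.

```java
import javax.net.ssl.*;
import java.util.*;

public class SniAwareAlpn {
    // Hypothetical policy (assumption): these SNI hosts must stay on HTTP/1.1.
    static final Set<String> HTTP1_ONLY = Set.of("http1.domain.com");
    // Server preference order, most preferred first.
    static final List<String> PREFERENCE = List.of("h2", "http/1.1");

    // Pure policy: SNI host (null if the client sent none) + client offer -> protocol.
    // Returning null means "nothing acceptable", so the TLS layer can reject the
    // handshake (no_application_protocol) rather than pick a protocol the host forbids.
    static String choose(String sniHost, List<String> offered) {
        boolean http1Only = sniHost != null
                && HTTP1_ONLY.contains(sniHost.toLowerCase(Locale.ROOT));
        for (String p : PREFERENCE) {
            if (http1Only && p.equals("h2")) continue;
            if (offered.contains(p)) return p;
        }
        return null;
    }

    // Reads the SNI host name from the in-progress handshake, as the message suggests.
    static String sniHost(SSLEngine engine) {
        SSLSession s = engine.getHandshakeSession();
        if (!(s instanceof ExtendedSSLSession)) return null;
        for (SNIServerName n : ((ExtendedSSLSession) s).getRequestedServerNames()) {
            if (n instanceof SNIHostName) return ((SNIHostName) n).getAsciiName();
        }
        return null;
    }

    // Registers the selector on a server-side engine before the handshake starts.
    static void install(SSLEngine engine) {
        engine.setUseClientMode(false);
        engine.setHandshakeApplicationProtocolSelector(
                (e, offered) -> choose(sniHost(e), offered));
    }

    public static void main(String[] args) throws Exception {
        install(SSLContext.getDefault().createSSLEngine());
        // Constructed offers, exercising the policy without a network peer.
        List<String> both = List.of("h2", "http/1.1");
        System.out.println(choose("http1.domain.com", both));
        System.out.println(choose("www.domain.com", both));
        System.out.println(choose(null, List.of("http/1.1")));
        System.out.println(choose("http1.domain.com", List.of("h2")));
    }
}
```

The last call covers the failure case: a client that offers only h2 to an HTTP/1.1-only host gets no protocol at all rather than one the policy forbids.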