On 6/5/2015 12:12 AM, Simone Bordet wrote:
> Hi,
>
> On Thu, Jun 4, 2015 at 5:53 PM, Xuelei Fan <xuelei....@oracle.com> wrote:
>> On 6/4/2015 8:19 PM, Simone Bordet wrote:
>>> This is not possible for HTTP/2.
>>> Application protocol negotiation MUST happen *after* the TLS protocol
>>> and the TLS cipher are negotiated.
>>>
>> Why? Is it a spec of HTTP/2? It is a point I don't understand now.
>> Please help with more details.
>
> http://tools.ietf.org/html/rfc7540#section-9.2
>
> You can only speak h2 if the cipher is strong enough as defined by RFC 7540.
>
Hm, I see your point now. But I may not agree with your ALPN "MUST happen after" protocol/cipher suite negotiation conclusion.

I parse this section as: an H2 server must be strong enough (comply with RFC 7540), and an H2 client must also be strong enough (comply with RFC 7540). Otherwise, both sides may terminate the connection, and cannot declare themselves as complying with H2.

It is not necessary for an application protocol selector to detect whether an H2 server/client complies with H2 or not. If "H2" is requested, it means that the client supports H2. Otherwise, it's a client application bug. If "H2" is selected by a selector, it means that the selected server supports H2. Otherwise, it is a selector implementation bug. If something is wrong in either client or server, it is expected to terminate the connection immediately, rather than downgrade to a not-strong-enough level.

From the points above, I think an application protocol selector may not need to know the negotiated protocol version and cipher suite.

Thanks,
Xuelei
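The disagreement above is about whether an ALPN selector needs the negotiated TLS version and cipher suite. The following is an added example, written for this page and not code from the OpenJDK thread or from any JDK API; it is in Python as a language-neutral sketch of the RFC 7540 section 9.2 rules the thread refers to. It models both positions: `select_protocol` is a server-side selector that consults TLS parameters and falls back to another offered protocol (Simone's reading), while `client_check_after_handshake` shows the client-side reaction RFC 7540 allows when h2 was negotiated over inadequate TLS parameters (the INADEQUATE_SECURITY connection error of sections 9.2 and 9.2.2). The cipher-suite test is an assumption of this example: instead of the full Appendix A blacklist it uses the structural property that list encodes (ephemeral key exchange plus an AEAD cipher), which is enough for the suites used here but is not the authoritative list.

```python
"""Added illustration of RFC 7540 section 9.2 TLS requirements for h2.

Not part of the OpenJDK mailing-list thread. The cipher-suite test below is a
simplification of RFC 7540 Appendix A (assumption of this example): a suite is
accepted only if it uses ephemeral key exchange (ECDHE/DHE) and an AEAD cipher
(GCM, CCM or ChaCha20-Poly1305). A production implementation should carry the
full Appendix A list.
"""
from typing import Optional, Sequence

# Ordering used to enforce "TLS 1.2 or higher" (RFC 7540 section 9.2).
TLS_VERSION_ORDER = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def tls_version_ok_for_h2(version: str) -> bool:
    """True when the negotiated protocol version is TLS 1.2 or higher."""
    return TLS_VERSION_ORDER.get(version, -1) >= TLS_VERSION_ORDER["TLSv1.2"]


def cipher_suite_ok_for_h2(suite: str) -> bool:
    """Structural stand-in for the Appendix A blacklist (see module docstring)."""
    # TLS 1.3 suites are AEAD and always use ephemeral key exchange.
    if suite.startswith("TLS_AES_") or suite.startswith("TLS_CHACHA20_"):
        return True
    ephemeral = "_ECDHE_" in suite or "_DHE_" in suite
    aead = "_GCM_" in suite or "_CCM" in suite or "CHACHA20_POLY1305" in suite
    return ephemeral and aead


def h2_tls_requirements_met(tls_version: str, cipher_suite: str) -> bool:
    return tls_version_ok_for_h2(tls_version) and cipher_suite_ok_for_h2(cipher_suite)


def select_protocol(server_protocols: Sequence[str],
                    client_protocols: Sequence[str],
                    tls_version: str,
                    cipher_suite: str) -> Optional[str]:
    """Server-side ALPN selection that consults negotiated TLS parameters.

    Walks the server's preference list, skips "h2" when the TLS parameters do
    not satisfy RFC 7540 section 9.2, and returns None when nothing acceptable
    remains (the caller is then expected to abort the handshake).
    """
    for candidate in server_protocols:
        if candidate not in client_protocols:
            continue
        if candidate == "h2" and not h2_tls_requirements_met(tls_version, cipher_suite):
            continue
        return candidate
    return None


def client_check_after_handshake(selected_protocol: Optional[str],
                                 tls_version: str,
                                 cipher_suite: str) -> str:
    """Client-side reaction once the handshake has completed.

    Returns "proceed", or "INADEQUATE_SECURITY" when h2 was negotiated over TLS
    parameters that RFC 7540 section 9.2 does not permit; the client may then
    terminate the connection with that connection error rather than downgrade.
    """
    if selected_protocol == "h2" and not h2_tls_requirements_met(tls_version, cipher_suite):
        return "INADEQUATE_SECURITY"
    return "proceed"


if __name__ == "__main__":
    # Constructed sample negotiations.
    offered = ["h2", "http/1.1"]
    print(select_protocol(offered, offered, "TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"))
    print(select_protocol(offered, offered, "TLSv1.2", "TLS_RSA_WITH_AES_128_CBC_SHA"))
    print(client_check_after_handshake("h2", "TLSv1.1", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"))
```

With the selector in the first position, a client that offers only "h2" over a disallowed suite gets no protocol at all and the handshake is aborted, which is the outcome Xuelei describes; with both "h2" and "http/1.1" offered, the selector quietly picks "http/1.1" instead, which is the downgrade the thread debates. `client_check_after_handshake` is the independent safety net on the other end: even if a selector ignored the TLS parameters, the client can still refuse to speak h2 over them.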