Hi,

On Fri, Jun 5, 2015 at 2:36 PM, Xuelei Fan <xuelei....@oracle.com> wrote:
> See more inlines, please.
>
> Please help on one question I'm not sure of.  Per the HTTP/2 specification,
> does an H2 server allow fallback to HTTP/1.1 if the client requests an HTTP/2
> connection?  I did not find the answer in RFC 7540.

Yes.
The intended behavior is exactly to fall back to http/1.1 if h2 cannot
be negotiated.

This is implicitly explained in the ALPN spec, RFC 7301, see
http://tools.ietf.org/html/rfc7301#section-3.2.

> In TLS, if the client requests to negotiate TLS v1.2, and the server supports
> TLS 1.2, it is not allowed to fall back to TLS v1.1.  If there is no
> suitable cipher suite to negotiate TLS 1.2, the connection would be
> terminated immediately.  I'm not sure what the spec is for HTTP/2,
> HTTP/1.1 and HTTP/1.0.

HTTP/2 does not behave like TLS in this sense.

ALPN is for *application* protocol selection.
A client can send:

["h2", "spdy/3.1", "http/1.1"]

Failing h2, spdy/3.1 is attempted, which is a completely different
protocol, with different restrictions, etc.

> Per RFC 7540, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is a mandatory
> cipher suite for H2.

No.
It's a mandatory cipher for *TLS 1.2 deployments only*.

If the client uses TLS 1.4, it does not have to have that cipher, and
hence there can be an empty intersection of ciphers with the server.
That cipher is only mentioned because all the mandatory TLS 1.2
ciphers have been blacklisted by HTTP/2.

If TLS 1.3 was specified before HTTP/2, that cipher would not even be
mentioned, and the HTTP/2 spec would have referenced only TLS 1.3 as
mandatory: no black lists, no special cipher.

The TLS and HTTP specifications will evolve independently, and there
cannot be a requirement that whenever TLS changes, an update to HTTP/2
must be published.

Hope this clarifies.

Thanks!

-- 
Simone Bordet
http://bordet.blogspot.com
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz
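
The fallback described in the message above, as an added example that is not part of the original e-mail or of any project's code: a server-side ALPN selection routine that skips "h2" when the negotiated TLS parameters cannot carry it and moves on to the next protocol the client offered. It assumes the TLS version and cipher suite are already known when the selection runs; the function names and the three-entry blacklist (a constructed subset of RFC 7540 Appendix A) are illustrative.

```python
# Added example: server-side ALPN selection with fallback (RFC 7301 section 3.2).
# H2_BLACKLIST is a small constructed subset of RFC 7540 Appendix A, not the full list.
H2_BLACKLIST = frozenset({
    "TLS_RSA_WITH_AES_128_CBC_SHA",        # the mandatory TLS 1.2 cipher suite
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
})


class NoApplicationProtocol(Exception):
    """Maps to the fatal no_application_protocol alert of RFC 7301."""


def h2_acceptable(tls_version, cipher):
    """HTTP/2 needs TLS 1.2 or later; the blacklist applies to TLS 1.2 only."""
    if tls_version < (1, 2):
        return False
    if tls_version == (1, 2) and cipher in H2_BLACKLIST:
        return False
    return True


def select_protocol(client_offer, server_prefs, tls_version, cipher):
    """Return the first server-preferred protocol the client also offered,
    skipping "h2" when the negotiated TLS parameters cannot carry it."""
    offered = set(client_offer)
    for proto in server_prefs:
        if proto not in offered:
            continue
        if proto == "h2" and not h2_acceptable(tls_version, cipher):
            continue  # fall through to the next candidate, e.g. http/1.1
        return proto
    # No overlap at all: the handshake fails instead of guessing a protocol.
    raise NoApplicationProtocol("no protocol in common with the client")


if __name__ == "__main__":
    offer = ["h2", "spdy/3.1", "http/1.1"]  # the client list from the message
    prefs = ["h2", "http/1.1"]              # hypothetical server preference order
    print(select_protocol(offer, prefs, (1, 2), "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"))
    print(select_protocol(offer, prefs, (1, 2), "TLS_RSA_WITH_AES_128_CBC_SHA"))
```
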
