Re: SNI requirement for H2

Greg Wilkins <gregw@intalio.com> Sun, 05 April 2015 08:24 UTC

From: Greg Wilkins <gregw@intalio.com>
To: Nicholas Hurley <hurley@mozilla.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/CAH_y2NH-KkT1g9rGPAwtP4zZJtY7F0MVND8Un8r=k6M7-fTHtQ@mail.gmail.com>

On 4 April 2015 at 05:37, Nicholas Hurley <hurley@mozilla.com> wrote:

> while h2 requires SNI


My reading of the spec is that h2 requires SNI to be supported, but I can't
see where it says that a server must reject a connection that does not
provide SNI?

We've only just implemented our SNI support in jetty and we certainly have
not tied it to h2 in any way.   If your key store has multiple certificates,
then a provided SNI will be used to select which certificate to use and if
there are none matching the connection is refused.

This is entirely separate from our ALPN negotiation and I don't see where
the spec requires us to tie them together (actually with the java 8 impl of
SNI it was hard enough to tie the SNI name acceptance to the certificate
selection)!

So hopefully the clarification is just saying that required to support is
not the same as required to use.

cheers

-- 
Greg Wilkins <gregw@intalio.com>  @  Webtide - *an Intalio subsidiary*
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.
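The selection rule described in the message above (a supplied SNI name picks the certificate, a supplied name that matches nothing refuses the connection, a missing name falls back to a default, and ALPN is decided independently) as an added Python example. This is not Jetty's code or the original poster's; the key-store entries, hostnames and ALPN lists are constructed for illustration, wildcard matching follows the RFC 6125 leftmost-label rule, and server-preference ordering for ALPN is an assumption.

```python
"""Model of SNI-driven certificate selection kept separate from ALPN.

Added example, not Jetty's implementation. The key store below is a
constructed stand-in: each entry carries a label and its dNSName SANs.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Cert:
    label: str                 # which key-store entry this is (constructed)
    names: Tuple[str, ...]     # subjectAltName dNSName values (constructed)


class Refused(Exception):
    """Handshake refused: client sent server_name but nothing matches it."""


def _name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison: case-insensitive, a wildcard is only
    accepted as the entire leftmost label and matches exactly one label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    # Same label count rules out '*.example.org' matching 'a.b.example.org';
    # requiring at least three labels rules out '*.com' style patterns.
    if len(p_labels) != len(h_labels) or len(h_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def select_certificate(keystore: Iterable[Cert], sni: Optional[str],
                       default: Cert) -> Cert:
    """SNI is supported but not required: no server_name means the default
    certificate; a server_name that matches no entry refuses the connection."""
    if sni is None:
        return default
    for cert in keystore:
        if any(_name_matches(n, sni) for n in cert.names):
            return cert
    raise Refused(f"no certificate for server_name {sni!r}")


def select_protocol(client_alpn: Sequence[str],
                    server_alpn: Sequence[str] = ("h2", "http/1.1")) -> Optional[str]:
    """ALPN choice; server preference order is assumed here. None means no
    overlap (or no ALPN extension at all), i.e. no protocol was negotiated."""
    for proto in server_alpn:
        if proto in client_alpn:
            return proto
    return None


def negotiate(keystore: Iterable[Cert], default: Cert, sni: Optional[str],
              client_alpn: Sequence[str]) -> Tuple[str, Optional[str]]:
    """Certificate and protocol are chosen by two unrelated rules; a client
    that omits SNI can still negotiate h2, and vice versa."""
    cert = select_certificate(keystore, sni, default)
    return cert.label, select_protocol(client_alpn)


# Constructed sample key store: one exact-name cert and one wildcard cert.
KEYSTORE = (
    Cert("example-com", ("example.com", "www.example.com")),
    Cert("wild-example-org", ("*.example.org",)),
)
DEFAULT_CERT = KEYSTORE[0]


if __name__ == "__main__":
    print(negotiate(KEYSTORE, DEFAULT_CERT, None, ["h2", "http/1.1"]))
    print(negotiate(KEYSTORE, DEFAULT_CERT, "api.example.org", ["http/1.1"]))
    try:
        negotiate(KEYSTORE, DEFAULT_CERT, "a.b.example.org", ["h2"])
    except Refused as exc:
        print("refused:", exc)
```

The two selectors never consult each other: `negotiate` can return h2 for a client that sent no server_name, which is the "required to support is not the same as required to use" reading, while a client that names a host the key store cannot serve is refused regardless of what it offered in ALPN.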