Comments (15)
@richsalz did this ever land in openssl? I am trying to find the changeset but no luck so far :/
from openssl.
@richsalz - FYI this is to continue our discussion about the ALPN / NPN failure behavior. The OpenJDK based implementations (jetty-alpn and jetty-npn) have been updated to support controlling the behavior at the granularity of each handshake (so not just a compile time flag or system property). I think this is equivalent to adding an additional return value to the openssl callbacks?
In the case of ALPN we used the no_application_protocol(120) alert and in the case of NPN we used the handshake_failure(40) alert to fail the handshake (if callbacks indicated a failure was desired).
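The ALPN failure behaviour discussed in the comment above, as an added example that is not part of the thread or of OpenSSL's or Jetty's code: a self-contained C function that takes the server's and client's protocol lists in the RFC 7301 wire form (one length byte, then the name, repeated) and returns either the selected protocol or the fatal alert to send. The names `alpn_select`, `alpn_list_ok` and `struct alpn_result` are hypothetical, and the use of decode_error(50) for a malformed list is an assumption of this sketch.

```c
#include <stddef.h>
#include <string.h>

/* Alert numbers: 120 is the one quoted in the thread; 50 is TLS decode_error,
 * chosen here (an assumption of this example) for a malformed list. */
enum { ALERT_NONE = 0, ALERT_DECODE_ERROR = 50, ALERT_NO_APPLICATION_PROTOCOL = 120 };

struct alpn_result {
    int alert;                  /* ALERT_NONE when a protocol was selected */
    const unsigned char *proto; /* points into the client's list, not NUL-terminated */
    size_t len;
};

/* A list is well formed when it is non-empty, has no empty names,
 * and no length byte runs past the end of the buffer. */
static int alpn_list_ok(const unsigned char *l, size_t n)
{
    size_t i = 0;
    if (n == 0) return 0;
    while (i < n) {
        size_t len = l[i];
        if (len == 0 || len > n - i - 1) return 0;
        i += 1 + len;
    }
    return 1;
}

/* Server-preference selection over two length-prefixed lists. */
struct alpn_result alpn_select(const unsigned char *srv, size_t srv_n,
                               const unsigned char *cli, size_t cli_n)
{
    struct alpn_result r = { ALERT_NO_APPLICATION_PROTOCOL, NULL, 0 };
    if (!alpn_list_ok(srv, srv_n) || !alpn_list_ok(cli, cli_n)) {
        r.alert = ALERT_DECODE_ERROR;
        return r;
    }
    for (size_t i = 0; i < srv_n; i += 1 + srv[i])
        for (size_t j = 0; j < cli_n; j += 1 + cli[j])
            if (srv[i] == cli[j] && memcmp(srv + i + 1, cli + j + 1, srv[i]) == 0) {
                r.alert = ALERT_NONE;
                r.proto = cli + j + 1;
                r.len = cli[j];
                return r;
            }
    /* No overlap: fail the handshake with no_application_protocol(120)
     * instead of continuing without an agreed protocol. */
    return r;
}
```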
Any updates or thoughts on this?
Now that HTTP/2 has been published as an RFC (and ALPN is already an RFC)....is there any chance of this getting re-prioritized?
yeah, it probably should be. can you bring it up on openssl-dev?
@richsalz - Done. Haven't received feedback that the post went through yet though. Not sure if I'm required to join before posting or if the post has to be reviewed before it makes it to the archives.
ah, yeah, you have to be a member of the list to post. i think nabble has a UI that lets you post
@richsalz - Join request sent.
Question posted to mailing list http://marc.info/?l=openssl-dev&m=143285528815940&w=2
See also http://rt.openssl.org/Ticket/Display.html?id=3463 (user/pass guest/guest)
@richsalz - I checked out the patch and it looks good. The only thing from your point of view is whether you want to make the fatal alert failure behavior in s_server optional or not. This would be to preserve existing behavior, even though it goes against the spec.
What is the timeline on evaluating / merging / targeting this for a release?
Finally closing this in 1.1; we'll send the alert. code to land in repo shortly.
@richsalz - Thanks for the update! So this will not land in a 1.0.2 release?
nope. sorry.
It was done in 1.1.0 and later. Not backported as far as I know.