Contact emailsdavid...@chromium.org Specificationhttps://datatracker.ietf.org/doc/html/rfc7301
Summary This is a PSA about a small tweak to an existing feature. The change is to include the TLS ALPN extension when initiating a new connection for wss-schemed WebSockets, offering just the default "http/1.1" protocol. Currently, unlike HTTPS connections, such connections do not offer ALPN in Chrome at all. Changing this aligns with Firefox and Safari, hardens against cross-protocol attacks (see ALPACA), and makes wss eligible for the False Start optimization. It also simplifies work on the HTTPS DNS record. Blink componentInternals>Network>SSL <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ESSL> TAG review statusNot applicable Risks Interoperability and Compatibility Interoperability risk is low. Firefox and Safari are already both offering ALPN for WebSockets requests, as does Chrome for HTTPS requests. This change does not impact the HTTP version we use for WebSockets itself, nor does it require servers to implement ALPN. Whether the server accepts ALPN or not, we will continue to speak WebSockets over HTTP/1.1. Gecko: Shipped/Shipping (Firefox appears to actually initially offer both "h2" and "http/1.1". Then, if it finds an HTTP/2 server without RFC 8441 support, it retries, only offering "http/1.1". Either way, it always offers ALPN.) WebKit: Shipped/Shipping (Confirmed via Wireshark) Web developers: No signals Other signals: Debuggability Existing DevTools support for networking and WebSockets applies Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> ? n/a Requires code in //chrome?False Estimated milestones Chrome 100, as 99 is just about to branch Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5687059162333184 This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAF8qwaA1Y_GZDk0qNc_%3DhVLhye%3DScEtxjPSdEPD-mM4zpVp50Q%40mail.gmail.com.
