The ALPN RFC [1] states: In the event that the server supports no protocols that the client advertises, then the server SHALL respond with a fatal "no_application_protocol" alert. [2]
This functionality is not yet implemented in OpenSSL. Now that HTTP/2 has be published as a RFC [3], and due to HTTP/2's dependency on ALPN, it may be good to revisit the issue. The NPN specification is less specific about what to do in the event of no matching protocols, but the OpenSSL implementation also does not support failing the handshake. NPN may be a lower priority than ALPN but it would be nice to support consistent (as possible) behavior for the two extensions. This issue was originally raised on github [4]. [1] https://tools.ietf.org/html/rfc7301 [2] https://tools.ietf.org/html/rfc7301#section-3.2 [3] https://tools.ietf.org/html/rfc7540 [4] https://github.com/openssl/openssl/issues/188
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
