Re: H2 compatible ciphers

2015-10-17 Thread Reindl Harald
On 17.10.2015 at 11:18, Kaspar Brand wrote: Another - quite radical - approach would consist of using a whitelist, which consists of a single cipher suite only: given that section 9.2 of RFC 7540 states "Implementations of HTTP/2 MUST use TLS version 1.2" and section 9.2.2 further says

Re: http2 tests

2015-10-17 Thread Kaspar Brand
On 14.10.2015 14:55, Eric Covener wrote:
> On Wed, Oct 14, 2015 at 8:37 AM, Stefan Eissing wrote:
>> Any advice on how to add a test host (e.g. real port) to our test suite in
>> the most compatible way?
>
> 1426878 added an SSL vhost. It seems like there is a

Re: H2 compatible ciphers

2015-10-17 Thread Kaspar Brand
On 16.10.2015 12:45, Stefan Eissing wrote:
> If the blacklist in RFC 7540 proves to be totally bogus, I'd favor
> ditching it in our server checks.

Sharing Yann's surprise about this huge blacklist... I'm also wondering if this won't become a Sisyphean task, in the end (will the httpwg regularly

Re: http2 tests

2015-10-17 Thread Stefan Eissing
Thanks! Yes, I have sth like this in the works in order to test more specific http2 edge cases. You'll probably see it sometime next week.

> On 17.10.2015 at 10:58, Kaspar Brand wrote:
>
>> On 14.10.2015 14:55, Eric Covener wrote:
>> On Wed, Oct 14, 2015 at 8:37 AM,

Re: H2 compatible ciphers

2015-10-17 Thread Stefan Eissing
Yes, I think whatever improvements we make, they need to be open for admin overrides. OTOH the majority of the deployments will want to have sth like modern/intermediate/old and get whatever that exactly means delivered by us as regular updates in releases (or via their distros). Especially