[web-devel] http2

Gregory Collins greg at gregorycollins.net
Fri Nov 21 02:22:26 UTC 2014


Great work Kazu!!!

On Thu, Nov 20, 2014 at 6:08 PM, Kazu Yamamoto <kazu at iij.ad.jp> wrote:

> Hi web-devel,
>
> This is an old topic, discussed one year ago. I have stuck with this
> project since then and can report good news.
>
> I have implemented ALPN in hs-tls, which is already
> merged. Unfortunately, it turned out that this is not good enough
> for HTTP/2.  HTTP/2 requires TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 but
> hs-tls supports neither ECDHE nor AES GCM.  So, I have
> implemented both, which should be merged eventually.
>
> A branch of Warp has integrated this hs-tls lib and http2 lib. This
> warp app can communicate with Firefox Nightly and Chrome 39 (with
> HTTP/2 enabled) by HTTP/2 over TLS now.
>
> --Kazu
>
> > Hi Greg,
> >
> >> This is a nice start. I considered implementing SPDY myself soon after the
> >> spec was first published but the TLS stuff seemed too daunting. At the time
> >> I think Chrome was using a bunch of in-tree OpenSSL patches to support
> >> next-protocol-negotiation / TLS snap start / etc. It looks like the HTTP 2
> >> draft has gotten rid of those requirements but the TLS server name
> >> indication extension must be supported. HsOpenSSL doesn't have bindings for
> >> the needed functions (SSL_CTX_set_tlsext_servername_callback() /
> >> SSL_get_servername()) and the tls library (which I am personally reluctant
> >> to use for "crypto is hard to do right and you really want to use
> >> widely-audited code" reasons) doesn't seem to have an implementation yet
> >> either. OpenSSL support seems to be the easier nut to crack there.
> >
> > Indeed, TLS is tough. All existing implementations of HTTP/2.0 are
> > using OpenSSL HEAD, not a released one. Also, the spec is changing, i.e. NPN
> > (SPDY's one, proposals from the server side) vs ALPN (current
> > HTTP/2.0's one, proposals from the client side).
> >
> > I finished the interoperability test of HPACK with one in nodejs and one
> > in C. The next step is to implement HTTP/2.0 framing and plain-text
> > communication. Then, I will tackle the TLS stuff. If necessary, I will
> > write bindings to OpenSSL.
> >
> > --Kazu
> > _______________________________________________
> > web-devel mailing list
> > web-devel at haskell.org
> > http://www.haskell.org/mailman/listinfo/web-devel



-- 
Gregory Collins <greg at gregorycollins.net>
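
An added example (not part of the original messages, and not hs-tls or Warp code) of the server-side step this thread discusses: decoding the client's ALPN protocol list in the RFC 7301 wire format and choosing a protocol, with HTTP/2 chosen only when the client also offered TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. The function names, the `h2` / `http/1.1` preference order, and treating that suite as a hard precondition for `h2` are assumptions of this example.

```python
import struct

H2_REQUIRED_SUITE = 0xC02F  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256


def parse_alpn(ext_data: bytes) -> list:
    """Decode a ProtocolNameList: uint16 total length, then uint8-prefixed names."""
    if len(ext_data) < 2:
        raise ValueError("truncated ALPN extension")
    (total,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    if total != len(body):
        raise ValueError("ALPN list length does not match extension length")
    names, pos = [], 0
    while pos < len(body):
        n = body[pos]
        pos += 1
        # Reject zero-length names and names that run past the buffer.
        if n == 0 or pos + n > len(body):
            raise ValueError("empty or truncated protocol name")
        names.append(body[pos:pos + n])
        pos += n
    if not names:
        raise ValueError("empty protocol list")
    return names


def select_protocol(client_protos, client_suites,
                    server_prefs=(b"h2", b"http/1.1")):
    """Return the first server preference the client also proposed.

    h2 is skipped unless the client offered the required cipher suite
    (assumption of this example). None means no overlap: the server
    would answer with a no_application_protocol alert.
    """
    for proto in server_prefs:
        if proto not in client_protos:
            continue
        if proto == b"h2" and H2_REQUIRED_SUITE not in client_suites:
            continue
        return proto
    return None


def encode_alpn(names):
    """Build constructed sample extension data from a list of names."""
    body = b"".join(bytes([len(n)]) + n for n in names)
    return struct.pack("!H", len(body)) + body
```
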