[web-devel] http2
Michael Snoyman
michael at snoyman.com
Fri Nov 21 05:03:53 UTC 2014
Seconded!
On Fri Nov 21 2014 at 4:22:31 AM Gregory Collins <greg at gregorycollins.net>
wrote:
> Great work Kazu!!!
>
> On Thu, Nov 20, 2014 at 6:08 PM, Kazu Yamamoto <kazu at iij.ad.jp> wrote:
>
>> Hi web-devel,
>>
>> This is an old topic discussed one year ago. I have stuck with this
>> project since then and can report good news.
>>
>> I have implemented ALPN in hs-tls, which is already
>> merged. Unfortunately, it appeared that this is not good enough
>> for HTTP/2. HTTP/2 requires TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 but
>> hs-tls supports neither ECDHE nor AES GCM. So, I have
>> implemented both, which should be merged eventually.
>>
>> A branch of Warp has integrated this hs-tls lib and http2 lib. This
>> warp app can communicate with Firefox Nightly and Chrome 39 (with
>> HTTP/2 enabled) by HTTP/2 over TLS now.
>>
>> --Kazu
>>
>> > Hi Greg,
>> >
>> >> This is a nice start. I considered implementing SPDY myself soon after the
>> >> spec was first published but the TLS stuff seemed too daunting. At the time
>> >> I think Chrome was using a bunch of in-tree OpenSSL patches to support
>> >> next-protocol-negotiation / TLS snap start / etc. It looks like the HTTP 2
>> >> draft has gotten rid of those requirements but the TLS server name
>> >> indication extension must be supported. HsOpenSSL doesn't have bindings for
>> >> the needed functions (SSL_CTX_set_tlsext_servername_callback() /
>> >> SSL_get_servername()) and the tls library (which I am personally reluctant
>> >> to use for "crypto is hard to do right and you really want to use
>> >> widely-audited code" reasons) doesn't seem to have an implementation yet
>> >> either. OpenSSL support seems to be the easier nut to crack there.
>> >
>> > Indeed, TLS is tough. All existing implementations of HTTP/2.0 are
>> > using OpenSSL HEAD, not a released one. Also, the spec is changing, i.e. NPN
>> > (SPDY's one, proposals from the server side) vs ALPN (current
>> > HTTP/2.0's one, proposals from the client side).
>> >
>> > I finished the interoperability test of HPACK with one in nodejs and one
>> > in C. The next step is to implement HTTP/2.0 framing and plain-text
>> > communication. Then, I will tackle TLS stuff. If necessary, I will
>> > write bindings to OpenSSL.
>> >
>> > --Kazu
>> > _______________________________________________
>> > web-devel mailing list
>> > web-devel at haskell.org
>> > http://www.haskell.org/mailman/listinfo/web-devel
>
> --
> Gregory Collins <greg at gregorycollins.net>