[web-devel] http2
Lennart Kolmodin
kolmodin at gmail.com
Fri Nov 21 07:24:27 UTC 2014
Great work, well done!
On Fri, 21 Nov 2014 08:03 Michael Snoyman <michael at snoyman.com> wrote:
> Seconded!
>
> On Fri Nov 21 2014 at 4:22:31 AM Gregory Collins <greg at gregorycollins.net>
> wrote:
>
>> Great work Kazu!!!
>>
>> On Thu, Nov 20, 2014 at 6:08 PM, Kazu Yamamoto <kazu at iij.ad.jp> wrote:
>>
>>> Hi web-devel,
>>>
>>> This is an old topic discussed one year ago. I have stuck with this
>>> project since then and can report good news.
>>>
>>> I have implemented ALPN in hs-tls, which is already
>>> merged. Unfortunately, it turned out that this is not good enough
>>> for HTTP/2. HTTP/2 requires TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 but
>>> hs-tls supports neither ECDHE nor AES GCM. So, I have
>>> implemented both, which should be merged eventually.
>>>
>>> A branch of Warp has integrated this hs-tls lib and http2 lib. This
>>> warp app can communicate with Firefox Nightly and Chrome 39 (with
>>> HTTP/2 enabled) by HTTP/2 over TLS now.
>>>
>>> --Kazu
>>>
>>> > Hi Greg,
>>> >
>>> >> This is a nice start. I considered implementing SPDY myself soon after the
>>> >> spec was first published but the TLS stuff seemed too daunting. At the time
>>> >> I think Chrome was using a bunch of in-tree OpenSSL patches to support
>>> >> next-protocol-negotiation / TLS snap start / etc. It looks like the HTTP 2
>>> >> draft has gotten rid of those requirements but the TLS server name
>>> >> indication extension must be supported. HsOpenSSL doesn't have bindings for
>>> >> the needed functions (SSL_CTX_set_tlsext_servername_callback() /
>>> >> SSL_get_servername()) and the tls library (which I am personally reluctant
>>> >> to use for "crypto is hard to do right and you really want to use
>>> >> widely-audited code" reasons) doesn't seem to have an implementation yet
>>> >> either. OpenSSL support seems to be the easier nut to crack there.
>>> >
>>> > Indeed, TLS is tough. All existing implementations of HTTP/2.0 are
>>> > using OpenSSL HEAD, not a released one. Also, the spec is changing, i.e. NPN
>>> > (SPDY's one, proposals from the server side) vs ALPN (current
>>> > HTTP/2.0's one, proposals from the client side).
>>> >
>>> > I finished the interoperability test of HPACK with one in nodejs and one
>>> > in C. The next step is to implement HTTP/2.0 framing and plain-text
>>> > communication. Then, I will tackle TLS stuff. If necessary, I will
>>> > write bindings to OpenSSL.
>>> >
>>> > --Kazu
>>> > _______________________________________________
>>> > web-devel mailing list
>>> > web-devel at haskell.org
>>> > http://www.haskell.org/mailman/listinfo/web-devel
>>>
>>
>>
>>
>> --
>> Gregory Collins <greg at gregorycollins.net>
>>
>