[web-devel] http2

Kazu Yamamoto (山本和彦) kazu at iij.ad.jp
Fri Nov 21 02:08:00 UTC 2014


Hi web-devel,

This is an old topic discussed one year ago. I have stuck with this
project since then and can report good news.

I have implemented ALPN in hs-tls, which is already
merged. Unfortunately, it turned out that this is not good enough
for HTTP/2.  HTTP/2 requires TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 but
hs-tls supports neither ECDHE nor AES GCM.  So, I have
implemented both, which should be merged eventually.

A branch of Warp has integrated this hs-tls lib and http2 lib. This
warp app can communicate with Firefox Nightly and Chrome 39 (with
HTTP/2 enabled) by HTTP/2 over TLS now.

--Kazu

> Hi Greg,
> 
>> This is a nice start. I considered implementing SPDY myself soon after the
>> spec was first published but the TLS stuff seemed too daunting. At the time
>> I think Chrome was using a bunch of in-tree OpenSSL patches to support
>> next-protocol-negotiation / TLS snap start / etc. It looks like the HTTP 2
>> draft has gotten rid of those requirements but the TLS server name
>> indication extension must be supported. HsOpenSSL doesn't have bindings for
>> the needed functions (SSL_CTX_set_tlsext_servername_callback() /
>> SSL_get_servername()) and the tls library (which I am personally reluctant
>> to use for "crypto is hard to do right and you really want to use
>> widely-audited code" reasons) doesn't seem to have an implementation yet
>> either. OpenSSL support seems to be the easier nut to crack there.
> 
> Indeed, TLS is tough. All existing implementations of HTTP/2.0 are
> using OpenSSL HEAD, not a released one. Also, the spec is changing, i.e. NPN
> (SPDY's one, proposals from the server side) vs ALPN (current
> HTTP/2.0's one, proposals from the client side).
> 
> I finished the interoperability test of HPACK with one in nodejs and one
> in C. The next step is to implement HTTP/2.0 framing and plain-text
> communication. Then, I will tackle the TLS stuff. If necessary, I will
> write bindings to OpenSSL.
> 
> --Kazu
> _______________________________________________
> web-devel mailing list
> web-devel at haskell.org
> http://www.haskell.org/mailman/listinfo/web-devel
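
The two TLS points in this message (ALPN, where the client proposes and the server picks, and HTTP/2 requiring TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) are shown below as an added Python example; it is not code from the original post, hs-tls or Warp. The function names, the `h2` and `http/1.1` ALPN identifiers, and the constructed ClientHello are assumptions of the example.

```python
ALPN_EXT = 16                  # application_layer_protocol_negotiation, RFC 7301
ECDHE_RSA_AES128_GCM = 0xC02F  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, RFC 5289

def _take(buf, off, n):
    """Return (n bytes at off, new offset); reject truncated input."""
    if off + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[off:off + n], off + n

def _vec(buf, off, len_bytes):
    """Read a vector prefixed by a len_bytes-wide big-endian length."""
    raw, off = _take(buf, off, len_bytes)
    return _take(buf, off, int.from_bytes(raw, "big"))

def parse_client_hello(body):
    """Return (cipher suite ids, ALPN names) offered in a ClientHello body."""
    _, off = _take(body, 0, 2 + 32)          # client_version + random
    _, off = _vec(body, off, 1)              # session_id
    raw, off = _vec(body, off, 2)            # cipher_suites
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    _, off = _vec(body, off, 1)              # compression_methods
    exts, _ = _vec(body, off, 2) if off < len(body) else (b"", off)
    alpn, pos = [], 0
    while pos < len(exts):
        kind, pos = _take(exts, pos, 2)
        data, pos = _vec(exts, pos, 2)
        if int.from_bytes(kind, "big") == ALPN_EXT:
            names, p = _vec(data, 0, 2)[0], 0
            while p < len(names):            # each name: 1-byte length + bytes
                name, p = _vec(names, p, 1)
                alpn.append(name.decode("ascii"))
    return suites, alpn

def choose_protocol(body, server_prefs=("h2", "http/1.1")):
    """Server-side ALPN choice; h2 only if the client offers the required suite."""
    suites, alpn = parse_client_hello(body)
    for proto in server_prefs:
        if proto in alpn and (proto != "h2" or ECDHE_RSA_AES128_GCM in suites):
            return proto
    return None                              # no overlap: no ALPN protocol selected

def build_hello(suites, protos):
    """Constructed sample input: a minimal TLS 1.2 ClientHello body."""
    names = b"".join(bytes([len(p)]) + p.encode() for p in protos)
    alpn = len(names).to_bytes(2, "big") + names
    exts = ALPN_EXT.to_bytes(2, "big") + len(alpn).to_bytes(2, "big") + alpn
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    return (b"\x03\x03" + bytes(32) + b"\x00" + len(cs).to_bytes(2, "big") + cs
            + b"\x01\x00" + len(exts).to_bytes(2, "big") + exts)
```

A client that offers `h2` without the ECDHE/AES-GCM suite falls back to `http/1.1` here, which mirrors why ALPN support alone was not enough for HTTP/2.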