Issue #6503 has been reported by igrigorik (Ilya Grigorik).

----------------------------------------
Feature #6503: Support for the NPN extension to TLS/SSL
https://bugs.ruby-lang.org/issues/6503

Author: igrigorik (Ilya Grigorik)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:

OpenSSL 1.0.1+ added support for Next Protocol Negotiation (NPN) extensions. A couple of relevant links:

- Google technical note: https://technotes.googlecode.com/git/nextprotoneg.html
- IETF draft: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-02

NPN allows the client to negotiate the session protocol as part of the TLS handshake (ex, "http 1.1", or "spdy/v{1,2,3}"). To support SPDY we need NPN support within OpenSSL core in Ruby. The API is already implemented in OpenSSL 1.0.1+, so it's a matter of adding support in Ruby core.

Sister bug for Python 3.3: http://bugs.python.org/issue14204
on 2012-05-27 07:58
on 2012-05-27 12:26
Issue #6503 has been updated by mame (Yusuke Endoh).

Status changed from Open to Assigned
Assignee set to MartinBosslet (Martin Bosslet)

Thank you Ilya!

Martin, could you tell me how hard is it to implement this?

--
Yusuke Endoh <mame@tsg.ne.jp>

----------------------------------------
Feature #6503: Support for the NPN extension to TLS/SSL
https://bugs.ruby-lang.org/issues/6503#change-26853

Author: igrigorik (Ilya Grigorik)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
on 2012-06-06 00:33
Issue #6503 has been updated by davidbalbert (David Albert).

If nobody has claimed this yet, I'm happy to take a crack at it over the next couple of days. I know the guy who wrote the Python patch and have a decent understanding of what went into it. It should not be a tremendous amount of work (famous last words).

If there aren't any objections, I'll send a first pass at a patch soon.

----------------------------------------
Feature #6503: Support for the NPN extension to TLS/SSL
https://bugs.ruby-lang.org/issues/6503#change-27027

Author: igrigorik (Ilya Grigorik)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
on 2012-06-06 01:31
Issue #6503 has been updated by MartinBosslet (Martin Bosslet).

Thanks, Ilya, for the links! I just checked the Python patch and what OpenSSL already provides and what would be needed on our side. It's really not too much, basically feeding OpenSSL API with parameters that we could make a part of SSL context objects.

One thing that worries me though is that we have nothing to really test this. @Ilya: Would you have any ideas what we could do?

The RFC is still in draft status, and I've followed the conversation in [1]. Can 13172 and 67 be taken for granted? :)

@David: It's OK, I'll take this, but thanks for your support!

[1] http://www.ietf.org/mail-archive/web/tls/current/m...

----------------------------------------
Feature #6503: Support for the NPN extension to TLS/SSL
https://bugs.ruby-lang.org/issues/6503#change-27028

Author: igrigorik (Ilya Grigorik)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
on 2012-07-05 20:24
Issue #6503 has been updated by igrigorik (Ilya Grigorik).

Hey guys, apologies about the wait.

@Martin: I don't follow the IANA politics, but for what it's worth, I would consider it stable at this point. The support is there in OpenSSL, we have 50% of the browser market share using it to negotiate SPDY (Chrome + FF), and we have commercial vendors like F5, Akamai, and others supporting it.. :-)

Also, just realized that I linked to wrong version earlier: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04

As far as testing, this is a bit of a chicken and egg problem. There are no pure Ruby libraries that you can run this against.. For an integration test, you could try performing a handshake against a https://google.com server and test the TLS upgrade. I do have a pure Ruby spdy gem, but it needs a few updates (NPN support is the missing link, really): http://github.com/igrigorik/spdy

Let me know how/if I can help.

----------------------------------------
Feature #6503: Support for the NPN extension to TLS/SSL
https://bugs.ruby-lang.org/issues/6503#change-27833

Author: igrigorik (Ilya Grigorik)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category:
Target version:
on 2012-07-06 08:51
On 2012/07/06 3:23, igrigorik (Ilya Grigorik) wrote:
>
> Issue #6503 has been updated by igrigorik (Ilya Grigorik).
>
>
> Hey guys, apologies about the wait.
>
> @Martin: I don't follow the IANA politics,

Just a small detail: That should be IETF politics, I guess. But I'm also not familiar with that corner of the IETF, sorry.

Regards, Martin.
on 2012-07-06 09:04
Issue #6503 has been updated by MartinBosslet (Martin Bosslet).

Category set to ext
Target version set to 2.0.0

> On 2012/07/06 3:23, igrigorik (Ilya Grigorik) wrote:
> > Issue #6503 has been updated by igrigorik (Ilya Grigorik).
> >
> > Hey guys, apologies about the wait.

No problem :)

> @Martin: I don't follow the IANA politics,
>
> but for what it's worth, I would consider it stable at this point. The support is there in OpenSSL, we have 50% of the browser market share using it to negotiate SPDY (Chrome + FF), and we have commercial vendors like F5, Akamai, and others supporting it.. :-)

Yes, and to be honest, I'm also in favor of the technology, just wanted to make sure that it's stable enough. But from what I saw, we could handle most of it transparently, OpenSSL does the heavy lifting - so even if there were major changes, they should only affect OpenSSL itself, but hopefully not the API exposing the feature.

> Also, just realized that I linked to wrong version earlier: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04

OK, thanks for the hint!

> As far as testing, this is a bit of a chicken and egg problem. There are no pure Ruby libraries that you can run this against.. For an integration test, you could try performing a handshake against a https://google.com server and test the TLS upgrade. I do have a pure Ruby spdy gem, but it needs a few updates (NPN support is the missing link, really): http://github.com/igrigorik/spdy

True. I also thought of directly testing against https://google.com, it's a fairly stable server ;) But I was wondering how internal policies are, is it sound to test against external URLs? Could some of the other devs please comment on this?

> Let me know how/if I can help.

Will do, thanks for your help! If nobody has major reservations, I would add support soon.

-Martin

----------------------------------------
Feature #6503: Support for the NPN extension to TLS/SSL
https://bugs.ruby-lang.org/issues/6503#change-27848

Author: igrigorik (Ilya Grigorik)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
on 2012-07-06 09:12
Issue #6503 has been updated by MartinBosslet (Martin Bosslet).

duerst (Martin Dürst) wrote:
> Just a small detail: That should be IETF politics, I guess. But I'm also
> not familiar with that corner of the IETF, sorry.
>

Just out of curiosity - because IETF is in charge of the TLS extension registry? That's what I think I understood from [1] at least:

> TLS ExtensionType Registry: Future values are allocated via IETF Consensus

[1] http://tools.ietf.org/html/rfc5246#section-12

----------------------------------------
Feature #6503: Support for the NPN extension to TLS/SSL
https://bugs.ruby-lang.org/issues/6503#change-27850

Author: igrigorik (Ilya Grigorik)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
on 2012-07-10 08:31
On 2012/07/06 16:10, MartinBosslet (Martin Bosslet) wrote:

> That's what I think I understood from [1] at least:
>
>> TLS ExtensionType Registry: Future values are allocated via IETF Consensus

Yes. More generally, IANA is only a clerical office function.

Regards, Martin.
on 2012-07-28 06:38
Issue #6503 has been updated by igrigorik (Ilya Grigorik).

Martin, let me know if you run into any questions or issues.. would love to see this working, sooner rather than later. :-)

----------------------------------------
Feature #6503: Support for the NPN extension to TLS/SSL
https://bugs.ruby-lang.org/issues/6503#change-28502

Author: igrigorik (Ilya Grigorik)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
on 2012-08-01 16:44
Issue #6503 has been updated by MartinBosslet (Martin Bosslet).

igrigorik (Ilya Grigorik) wrote:
> Martin, let me know if you run into any questions or issues.. would love to see this working, sooner rather than later. :-)

Thanks for the offer, I'll get back to you if I run into trouble :) I'll try to implement it for the next 1.9.3 patch release.

----------------------------------------
Feature #6503: Support for the NPN extension to TLS/SSL
https://bugs.ruby-lang.org/issues/6503#change-28582

Author: igrigorik (Ilya Grigorik)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
on 2012-08-31 11:57
Issue #6503 has been updated by MartinBosslet (Martin Bosslet).

Protocols to be advertised by the server can now be set like this:

    require 'openssl'
    ctx = OpenSSL::SSL::SSLContext.new # or any existing OpenSSL::SSL::SSLContext
    ctx.npn_protocols = ["spdy/3", "spdy/2", "http/1.1"]

Selection on the client is handled via callback:

    ctx = OpenSSL::SSL::SSLContext.new # or any existing OpenSSL::SSL::SSLContext
    ctx.npn_select_cb = lambda do |protocols|
      # selection logic, return value must be the selected protocol
      protocols.first
    end

Raising or causing an error during the callback will effectively terminate the handshake. The protocol that was finally chosen can be inspected on the resulting SSL instance with SSL#npn_protocol.

By default, not setting SSLContext#npn_protocols or SSLContext#npn_select_cb will have the effect that NPN extension support is disabled.

@Ilya: Although I could write tests to assert the correctness of the basic behavior, I haven't tried it in a real life scenario yet. Could you please confirm that this is working for you?

----------------------------------------
Feature #6503: Support for the NPN extension to TLS/SSL
https://bugs.ruby-lang.org/issues/6503#change-29123

Author: igrigorik (Ilya Grigorik)
Status: Closed
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
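
A selection policy for the npn_select_cb hook described in the post above, as an added example that is not part of the original thread or of Ruby's OpenSSL extension. The names build_npn_selector, npn_wire_format and NoAcceptableProtocol are hypothetical; the 1..255 byte bound on names comes from the one-byte length prefix NPN uses for each protocol name.

```ruby
# Added example; build_npn_selector, npn_wire_format and NoAcceptableProtocol
# are hypothetical names, not part of Ruby's OpenSSL extension.

class NoAcceptableProtocol < StandardError; end

# NPN carries each protocol name as one length byte followed by the name,
# so a usable name is between 1 and 255 bytes long.
def valid_protocol_name?(name)
  name.is_a?(String) && name.bytesize.between?(1, 255)
end

# Encode a protocol list the way it travels in the extension; useful for
# checking a server's npn_protocols list before it is handed to the context.
def npn_wire_format(protocols)
  protocols.map do |name|
    unless valid_protocol_name?(name)
      raise ArgumentError, "protocol name must be 1..255 bytes: #{name.inspect}"
    end
    [name.bytesize].pack("C") + name.b
  end.join
end

# Build a lambda for SSLContext#npn_select_cb. It chooses by the client's own
# preference order from what the server advertised, instead of trusting the
# server's ordering, and raises when nothing acceptable was offered; per the
# post above, an error raised in the callback terminates the handshake.
def build_npn_selector(client_preference)
  allowed = client_preference.select { |p| valid_protocol_name?(p) }.freeze
  lambda do |server_protocols|
    offered = Array(server_protocols)
    choice = allowed.find { |p| offered.include?(p) }
    raise NoAcceptableProtocol, "server offered only #{offered.inspect}" unless choice
    choice
  end
end

# Constructed sample lists, standing in for what a server might advertise.
if $PROGRAM_NAME == __FILE__
  selector = build_npn_selector(["spdy/3", "http/1.1"])
  puts selector.call(["http/1.1", "spdy/2", "spdy/3"])
  puts npn_wire_format(["spdy/3", "http/1.1"]).unpack1("H*")
  # With a real context: ctx.npn_select_cb = build_npn_selector([...])
end
```
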