jsr369-experts@servlet-spec.java.net

[jsr369-experts] Re: [servlet-spec users] Re: Question about TLS 1.2 Application-Layer Protocol Negotiation Extension

From: 정의근 <Eugene>
Date: Wed, 17 Dec 2014 11:02:24 +0900

On Tue, Dec 16, 2014 at 11:23 PM, Edward Burns <edward.burns_at_oracle.com>
wrote:

> >>>>> On Tue, 09 Dec 2014 12:42:17 +0000, Mark Thomas <markt_at_apache.org>
> said:
>
> MT> On 08/12/2014 20:44, Edward Burns wrote:
> >>>>>>> On Thu, 27 Nov 2014 13:49:03 +0900, Eugene Chung() <
> euigeun_chung_at_tmax.co.kr> said:
>
> EC> HTTP/2 requires ALPN extension(rfc7301) for HTTP/2 over TLS.
> EC> But Servlet 4.0(Java EE 8) will be based on Java SE 8, which is already
> EC> released.
>
> EC> Java SE 8, exactly JSSE in it, doesn't support ALPN extension.
> EC> I have been investigating but I couldn't find the way to use ALPN in a
> EC> standard fashion for container developers.
>
> EC> Is there any plan for this? (endorsed JSSE for Java SE 8?)
> EC> Or any other standard mechanism that I don't know?
>
> EB> My plan of record is to leave this as an implementation detail. Yes, I
> EB> know there is an ALPN client coming in Java SE 9, but we will be
> EB> sticking with Java SE 8 as our base.
>
> MT> That is a pretty large implementation detail. Is there nothing we can
> do
> MT> here in terms of requesting a back-port of the ALPN client to Java
> MT> 8?
>
> EB> I am willing to try. I must set one precondition before I can credibly
> EB> make such a request: establish a precedent. Is there any precedent for
> EB> such a large new feature, with significant public API, to be introduced
> EB> in a "dot release" of Java SE? I know of none off the top of my head,
> EB> but I know I have many gaps up there, particularly the older I get.
>
>
I also think there's no such precedent. It must be hard decision for the
Java SE team to make such release.
My current thinking is that around the time of the release of Servlet 4.0
and its implementations, there may be the official Java SE 9 release with
ALPN support.
So WAS vendors who don't have own JSSE provider or have difficulty to make
their own could resort to it.

Eugene



> MT> It seems like a missed opportunity to require each container to figure
> MT> out a way to make this work for them on Java 8.
>
> EB> Such missed opportunities are the breeding ground for useful FOSS, such
> EB> as the work on ALPN in Jetty. I know that's cold comfort for the
> Tomcat
> EB> community, but perhaps Apache HTTPClient cold add support for ALPN?
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.