summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/sha
diff options
context:
space:
mode:
authortb <>2024-07-11 13:48:52 +0000
committertb <>2024-07-11 13:48:52 +0000
commita5c7700cf78a06c8fe14f0f35da3def39cc6f10d (patch)
tree947607486d185911b8a164dcc91eb9258875c27a /src/lib/libcrypto/sha
parent6f61b544177b6a47b531044ca889f6133d40969d (diff)
downloadopenbsd-a5c7700cf78a06c8fe14f0f35da3def39cc6f10d.tar.gz
openbsd-a5c7700cf78a06c8fe14f0f35da3def39cc6f10d.tar.bz2
openbsd-a5c7700cf78a06c8fe14f0f35da3def39cc6f10d.zip
Follow BoringSSL's nomenclature in SSL_select_next_proto()
SSL_select_next_poto() was written with NPN in mind. NPN has a weird fallback mechanism which is baked into the API. This is makes no sense for ALPN, where the API behavior is undesirable since it a server should not end up choosing a protocol it doesn't (want to) support. Arguably, ALPN should simply have had its own API for protocol selection supporting the proper semantics, instead of shoehorning an NPN API into working for ALPN. Commit https://boringssl-review.googlesource.com/c/boringssl/+/17206/ renamed the arguments to work for both NPN and ALPN, with the slight downside of honoring client preference instead of the SHOULD in RFC 7301, section 3.2. This grates for most consumers in the wild, but so be it. The behavior is saner and safer. discussed with davidben ok beck
Diffstat (limited to 'src/lib/libcrypto/sha')
0 files changed, 0 insertions, 0 deletions