Follow BoringSSL's nomenclature in SSL_select_next_proto() - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2024-07-11 13:48:52 +0000
committer	tb <>	2024-07-11 13:48:52 +0000
commit	a5c7700cf78a06c8fe14f0f35da3def39cc6f10d (patch)
tree	947607486d185911b8a164dcc91eb9258875c27a /src/lib/libssl/man
parent	6f61b544177b6a47b531044ca889f6133d40969d (diff)
download	openbsd-a5c7700cf78a06c8fe14f0f35da3def39cc6f10d.tar.gz openbsd-a5c7700cf78a06c8fe14f0f35da3def39cc6f10d.tar.bz2 openbsd-a5c7700cf78a06c8fe14f0f35da3def39cc6f10d.zip

Follow BoringSSL's nomenclature in SSL_select_next_proto()

SSL_select_next_poto() was written with NPN in mind. NPN has a weird fallback mechanism which is baked into the API. This is makes no sense for ALPN, where the API behavior is undesirable since it a server should not end up choosing a protocol it doesn't (want to) support. Arguably, ALPN should simply have had its own API for protocol selection supporting the proper semantics, instead of shoehorning an NPN API into working for ALPN. Commit https://boringssl-review.googlesource.com/c/boringssl/+/17206/ renamed the arguments to work for both NPN and ALPN, with the slight downside of honoring client preference instead of the SHOULD in RFC 7301, section 3.2. This grates for most consumers in the wild, but so be it. The behavior is saner and safer. discussed with davidben ok beck

Diffstat (limited to 'src/lib/libssl/man')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: