
Application-Layer Protocol Negotiation

From Wikipedia, the free encyclopedia
Feature of the TLS network security protocol

Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension that allows the application layer to negotiate which protocol should be performed over a secure connection in a manner that avoids additional round trips and which is independent of the application-layer protocols. It is used to establish HTTP/2 connections without additional round trips (client and server can communicate over two ports previously assigned to HTTPS with HTTP/1.1 and upgrade to use HTTP/2 or continue with HTTP/1.1 without closing the initial connection).

Support


ALPN is supported by these libraries:

  • BSAFE Micro Edition Suite since version 5.0[1]
  • GnuTLS since version 3.2.0 released in May 2013[2]
  • MatrixSSL since version 3.7.1 released in December 2014[3]
  • Network Security Services since version 3.15.5 released in April 2014[4]
  • OpenSSL since version 1.0.2 released in January 2015[5]
  • LibreSSL since version 2.1.3 released in January 2015[6]
  • mbed TLS (previously PolarSSL) since version 1.3.6 released in April 2014[7]
  • s2n since its original public release in June 2015.
  • wolfSSL (formerly CyaSSL) since version 3.7.0 released in October 2015[8]
  • Go (in the standard library crypto/tls package) since version 1.4 released in December 2014[9]
  • JSSE in Java since JDK 9 released in September 2017,[10] backported to JDK 8 released in April 2020[11]
  • Win32 SSPI since Windows 8.1 and Windows Server 2012 R2 were released October 18, 2013[12]
  • Rustls[13]

History


Next Protocol Negotiation


In January 2010, Google introduced an IETF standard draft describing the Next Protocol Negotiation TLS extension.[14] This extension was used to negotiate experimental SPDY connections between Google Chrome and some of Google's servers. As SPDY evolved, NPN was replaced with ALPN.

Application-Layer Protocol Negotiation


On July 11, 2014, ALPN was published as RFC 7301. ALPN replaces the Next Protocol Negotiation (NPN) extension.[15]

TLS False Start was disabled in Google Chrome from version 20 (2012) onward except for websites with the earlier NPN extension.[16]

Example


ALPN is a TLS extension which is sent on the initial TLS handshake 'Client Hello', and it lists the protocols that the client (for example the web browser) supports:

    Handshake Type: Client Hello (1)
    Length: 141
    Version: TLS 1.2 (0x0303)
    Random: dd67b5943e5efd0740519f38071008b59efbd68ab3114587...
    Session ID Length: 0
    Cipher Suites Length: 10
    Cipher Suites (5 suites)
    Compression Methods Length: 1
    Compression Methods (1 method)
    Extensions Length: 90
    [other extensions omitted]
    Extension: application_layer_protocol_negotiation (len=14)
        Type: application_layer_protocol_negotiation (16)
        Length: 14
        ALPN Extension Length: 12
        ALPN Protocol
            ALPN string length: 2
            ALPN Next Protocol: h2
            ALPN string length: 8
            ALPN Next Protocol: http/1.1

The resulting 'Server Hello' from the web server will also contain the ALPN extension, and it confirms which protocol will be used for the HTTP request:

    Handshake Type: Server Hello (2)
    Length: 94
    Version: TLS 1.2 (0x0303)
    Random: 44e447964d7e8a7d3b404c4748423f02345241dcc9c7e332...
    Session ID Length: 32
    Session ID: 7667476d1d698d0a90caa1d9a449be814b89a0b52f470e2d...
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    Compression Method: null (0)
    Extensions Length: 22
    [other extensions omitted]
    Extension: application_layer_protocol_negotiation (len=5)
        Type: application_layer_protocol_negotiation (16)
        Length: 5
        ALPN Extension Length: 3
        ALPN Protocol
            ALPN string length: 2
            ALPN Next Protocol: h2
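
The length fields in the two dumps above follow the ALPN wire format: a 2-byte list length, then each protocol name prefixed by a 1-byte length. The following Python sketch is an added example, not part of the original article: the byte strings are constructed to match the dumps, the function names are hypothetical, and the rule that a Server Hello carries exactly one protocol is taken from RFC 7301.

```python
import struct

def parse_alpn(ext_data: bytes) -> list[str]:
    """Parse the body of an ALPN extension (type 16) into protocol names."""
    if len(ext_data) < 2:
        raise ValueError("ALPN extension too short")
    (list_len,) = struct.unpack("!H", ext_data[:2])  # "ALPN Extension Length"
    body = ext_data[2:]
    if list_len != len(body):
        raise ValueError("ALPN list length does not match extension length")
    names, pos = [], 0
    while pos < len(body):
        n = body[pos]  # "ALPN string length"
        pos += 1
        if n == 0 or pos + n > len(body):
            raise ValueError("bad ALPN string length")
        # Names are opaque bytes on the wire; registered IDs such as
        # "h2" and "http/1.1" are ASCII, so anything else is rejected here.
        names.append(body[pos:pos + n].decode("ascii"))
        pos += n
    if not names:
        raise ValueError("empty ALPN protocol list")
    return names

def check_selection(client_ext: bytes, server_ext: bytes) -> str:
    """Return the negotiated protocol, or raise if the answer is invalid."""
    offered = parse_alpn(client_ext)
    selected = parse_alpn(server_ext)
    if len(selected) != 1:
        raise ValueError("Server Hello must select exactly one protocol")
    if selected[0] not in offered:
        raise ValueError("server selected a protocol the client did not offer")
    return selected[0]

# Constructed sample bytes matching the dumps above (extension bodies only).
CLIENT_ALPN = bytes.fromhex("000c" "026832" "08687474702f312e31")  # 14 bytes
SERVER_ALPN = bytes.fromhex("0003" "026832")                       # 5 bytes

if __name__ == "__main__":
    print("offered: ", parse_alpn(CLIENT_ALPN))
    print("selected:", check_selection(CLIENT_ALPN, SERVER_ALPN))
```
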

References

  1. "Dell BSAFE Micro Edition Suite 5.0 Release Advisory". Retrieved 2022-10-18.
  2. "gnutls 3.2.0". Archived from the original on 2016-01-31. Retrieved 2015-01-26.
  3. "MatrixSSL - News". 2014-12-04. Archived from the original on 2015-02-14. Retrieved 2015-01-26.
  4. "NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Retrieved 2015-01-26.
  5. "OpenSSL 1.0.2 release notes". The OpenSSL Project. 2015-01-22. Archived from the original on 2014-09-04. Retrieved 2015-01-26.
  6. "LibreSSL 2.1.3 released". 2015-01-22. Retrieved 2015-01-26.
  7. "Download overview - PolarSSL". 2014-04-11. Archived from the original on 2015-02-09. Retrieved 2015-01-26.
  8. "wolfSSL Release Change Log". 2015-10-26. Retrieved 2015-09-11.
  9. "Go 1.4 Release Notes". 2014-12-10. Retrieved 2017-11-28.
  10. "JEP 244: TLS Application-Layer Protocol Negotiation Extension". 2017-08-07. Retrieved 2018-08-29.
  11. "Release Note: TLS Application-Layer Protocol Negotiation Extension". 2020-04-30. Retrieved 2020-06-11.
  12. "What's New in TLS/SSL (Schannel SSP)". 31 August 2016. Retrieved 2020-03-30.
  13. "ClientConfig in rustls::client - Rust". docs.rs. Retrieved 2026-01-11.
  14. Langley, A. (January 20, 2010). "Transport Layer Security (TLS) Next Protocol Negotiation Extension". IETF Datatracker.
  15. Langley, Adam. "» NPN and ALPN". Retrieved 2 April 2013.
  16. Langley, Adam. "False Start's Failure (11 Apr 2012)". Retrieved 25 September 2013.
