MS Open Tech Updates HTML5Labs HTTP/2.0 Prototype Delivering Internet Security in Open Source Encryption Libraries

Download prototype that provides support in OpenSSL for Application Layer Protocol Negotiation

Adalberto Foresti
Principal Program Manager, Microsoft Open Technologies, Inc.

As part of the HTTP/2.0 effort, the industry is collaborating in the IETF Transport Layer Security Working Group (TLS WG) towards a safer and simpler Internet communication security approach. The conversation within the TLS WG on the best way to reinforce Internet communication security continues at a fast pace.

At Microsoft Open Technologies, Inc. we have been participating in this industry collaboration and are now releasing a refreshed open source HTTP/2.0 prototype on HTML5Labs.com that introduces support in the OpenSSL open source encryption library for ALPN (Application Layer Protocol Negotiation).

Earlier in February we published on HTML5Labs an updated version of our HTTP/2.0 prototype that introduced support for ALPN. Shortly thereafter, on Thursday 2/21, Stephan Friedl and Andrei Popov proposed an update to the ALPN spec draft that refines the protocol in a couple of important aspects:

- “Application Layer Protocol Negotiation Extension” now defines ProtocolNameList and ProtocolName as variable-length arrays, as typically done in TLS. This increases payload size by 2 bytes, but allows the use of the normal TLS parsers.

- “Protocol Selection” defines a new fatal alert no_application_protocol, to be used with ALPN extension only, instead of using a generic handshake_failure alert. This is done to help distinguish application protocol negotiation issues from other handshake failures.
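The two changes above, sketched as an added example (not code from the prototype or the OpenSSL patch): a strict parser for the length-prefixed ProtocolNameList and a server-side selection that reports a dedicated alert when nothing matches. The function names and sample protocol IDs are assumptions, and the alert value 120 is the one assigned in RFC 7301, the final ALPN specification, not a number stated on this page.

```python
import struct

NO_APPLICATION_PROTOCOL = 120  # alert value from RFC 7301 (assumption: not given on this page)

class ALPNError(ValueError):
    """Malformed extension data; a TLS stack would abort with a decode error."""

def encode_protocol_name_list(names):
    # ProtocolNameList: 2-byte length, then each ProtocolName as 1-byte length + bytes.
    body = b""
    for name in names:
        if not 1 <= len(name) <= 255:
            raise ALPNError("ProtocolName must be 1..255 bytes")
        body += bytes([len(name)]) + name
    if not 2 <= len(body) <= 0xFFFF:
        raise ALPNError("ProtocolNameList must be 2..65535 bytes")
    return struct.pack("!H", len(body)) + body

def parse_protocol_name_list(data):
    # Reject any input whose declared lengths disagree with the bytes present.
    if len(data) < 2:
        raise ALPNError("missing list length")
    (list_len,) = struct.unpack("!H", data[:2])
    if list_len < 2 or list_len != len(data) - 2:
        raise ALPNError("list length does not match extension data")
    names, pos = [], 2
    while pos < len(data):
        name_len = data[pos]
        pos += 1
        if name_len == 0 or pos + name_len > len(data):
            raise ALPNError("empty or overrunning ProtocolName")
        names.append(data[pos:pos + name_len])
        pos += name_len
    return names

def select_protocol(server_prefs, client_extension_data):
    # Server preference order wins; no overlap yields the dedicated fatal alert
    # instead of a generic handshake failure.
    offered = parse_protocol_name_list(client_extension_data)
    for proto in server_prefs:
        if proto in offered:
            return proto, None
    return None, NO_APPLICATION_PROTOCOL

# Constructed sample offer (protocol IDs chosen for illustration only).
SAMPLE_OFFER = encode_protocol_name_list([b"h2", b"http/1.1"])

if __name__ == "__main__":
    print(SAMPLE_OFFER.hex(), select_protocol([b"http/1.1"], SAMPLE_OFFER))
```
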

As we mentioned, the new prototype on HTML5Labs also leverages OpenSSL on Apache as a backend. We are making the associated patch available as open source to allow a hands-on, side-by-side comparison of TLS builds that use ALPN with the alternative based on NPN. This should allow interested developers to verify the benefits of ALPN and its compliance with the established TLS design principles that we called out in our earlier prototype.

As always, we encourage you to try the code out and let us know your feedback. Go ahead and download the MS Open Tech HTTP/2.0 prototype using ALPN from HTML5 Labs!