Tu banner alternativo

Application-Layer Protocol Negotiation

In today's world, Application-Layer Protocol Negotiation is a topic of increasing relevance and debate. With the passage of time, it has acquired increasing importance in society, influencing different aspects of daily life. Whether in the field of politics, economics, technology, culture or any other, Application-Layer Protocol Negotiation has become a central topic that arouses conflicting opinions and diverse positions. In this article, we will explore different aspects related to Application-Layer Protocol Negotiation, analyzing its impact on society and reflecting on the implications it has for our present and future.

Tu banner alternativo

Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension that allows the application layer to negotiate which protocol should be performed over a secure connection in a manner that avoids additional round trips and which is independent of the application-layer protocols. It is used to establish HTTP/2 connections without additional round trips (client and server can communicate over two ports previously assigned to HTTPS with HTTP/1.1 and upgrade to use HTTP/2 or continue with HTTP/1.1 without closing the initial connection).

Support

ALPN is supported by these libraries:

  • BSAFE Micro Edition Suite since version 5.0[1]
  • GnuTLS since version 3.2.0 released in May 2013[2]
  • MatrixSSL since version 3.7.1 released in December 2014[3]
  • Network Security Services since version 3.15.5 released in April 2014[4]
  • OpenSSL since version 1.0.2 released in January 2015[5]
  • LibreSSL since version 2.1.3 released in January 2015[6]
  • mbed TLS (previously PolarSSL) since version 1.3.6 released in April 2014[7]
  • s2n since its original public release in June 2015.
  • wolfSSL (formerly CyaSSL) since version 3.7.0 released in October 2015[8]
  • Go (in the standard library crypto/tls package) since version 1.4 released in December 2014[9]
  • JSSE in Java since JDK 9 released in September 2017,[10] backported to JDK 8 released in April 2020[11]
  • Win32 SSPI since Windows 8.1 and Windows Server 2012 R2 were released October 18, 2013[12]

History

Next Protocol Negotiation

In January 2010, Google introduced IETF standard draft describing Next Protocol Negotiation TLS extension.[13] This extension was used to negotiate experimental SPDY connections between Google Chrome and some of Google's servers. As SPDY evolved, NPN was replaced with ALPN.

Application-Layer Protocol Negotiation

On July 11, 2014, ALPN was published as RFC 7301. ALPN replaces Next Protocol Negotiation (NPN) extension.[14]

TLS False Start was disabled in Google Chrome from version 20 (2012) onward except for websites with the earlier NPN extension.[15]

Example

ALPN is a TLS extension which is sent on the initial TLS handshake 'Client Hello', and it lists the protocols that the client (for example the web browser) supports: 

    Handshake Type: Client Hello (1)
    Length: 141
    Version: TLS 1.2 (0x0303)
    Random: dd67b5943e5efd0740519f38071008b59efbd68ab3114587...
    Session ID Length: 0
    Cipher Suites Length: 10
    Cipher Suites (5 suites)
    Compression Methods Length: 1
    Compression Methods (1 method)
    Extensions Length: 90
    
    Extension: application_layer_protocol_negotiation (len=14)
        Type: application_layer_protocol_negotiation (16)
        Length: 14
        ALPN Extension Length: 12
        ALPN Protocol
            ALPN string length: 2
            ALPN Next Protocol: h2
            ALPN string length: 8
            ALPN Next Protocol: http/1.1

The resulting 'Server Hello' from the web server will also contain the ALPN extension, and it confirms which protocol will be used for the HTTP request: 

    Handshake Type: Server Hello (2)
    Length: 94
    Version: TLS 1.2 (0x0303)
    Random: 44e447964d7e8a7d3b404c4748423f02345241dcc9c7e332...
    Session ID Length: 32
    Session ID: 7667476d1d698d0a90caa1d9a449be814b89a0b52f470e2d...
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    Compression Method: null (0)
    Extensions Length: 22
    
    Extension: application_layer_protocol_negotiation (len=5)
        Type: application_layer_protocol_negotiation (16)
        Length: 5
        ALPN Extension Length: 3
        ALPN Protocol
            ALPN string length: 2
            ALPN Next Protocol: h2

References

  1. ^ "Dell BSAFE Micro Edition Suite 5.0 Release Advisory". Retrieved 2022-10-18.
  2. ^ "gnutls 3.2.0". Archived from the original on 2016-01-31. Retrieved 2015-01-26.
  3. ^ "MatrixSSL - News". 2014-12-04. Archived from the original on 2015-02-14. Retrieved 2015-01-26.
  4. ^ "NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Retrieved 2015-01-26.
  5. ^ "OpenSSL 1.0.2 release notes". The OpenSSL Project. 2015-01-22. Archived from the original on 2014-09-04. Retrieved 2015-01-26.
  6. ^ "LibreSSL 2.1.3 released". 2015-01-22. Retrieved 2015-01-26.
  7. ^ "Download overview - PolarSSL". 2014-04-11. Archived from the original on 2015-02-09. Retrieved 2015-01-26.
  8. ^ "wolfSSL Release Change Log". 2015-10-26. Retrieved 2015-09-11.
  9. ^ "Go 1.4 Release Notes". 2014-12-10. Retrieved 2017-11-28.
  10. ^ "JEP 244: TLS Application-Layer Protocol Negotiation Extension". 2017-08-07. Retrieved 2018-08-29.
  11. ^ "Release Note: TLS Application-Layer Protocol Negotiation Extension". 2020-04-30. Retrieved 2020-06-11.
  12. ^ "What's New in TLS/SSL (Schannel SSP)". 31 August 2016. Retrieved 2020-03-30.
  13. ^ Langley, A. (January 20, 2010). "Transport Layer Security (TLS) Next Protocol Negotiation Extension". IETF Datatracker.
  14. ^ Langley, Adam. "» NPN and ALPN". Retrieved 2 April 2013.
  15. ^ Langley, Adam. "False Start's Failure (11 Apr 2012)". Retrieved 25 September 2013.
Wikious
Boobota
Sagapedia