Hello, On 05/04/2016 05:21 AM, Dirk Menstermann wrote: > Hi, > > I've trouble with the newest OpenSSL as I'm operating a webserver application > that answers with HTTP1.x and HTTP2. > > I registered the ALPN callback and in this the cipher list was adjusted > "SSL_set_cipher_list (ssl, "ECDHE-RSA-AES128-GCM-SHA256")" if H2 was negotiated. > > With versions < OpenSSL 1.0.2h this works, but now it seems that this cipher > selection will be ignored, resulting in using a cipher that is black listed for > HTTP2 (Firefox and Chrome refuse to connect) > > Was there an indented change or is there an official way to select the cipher > based on the ALPN extension value? > There was an intended change to the order in which ALPN extensions were processed, see https://github.com/openssl/openssl/commit/af2db04c9979554ada88d969da6332a827a47599 -- ALPN is now processed after SNI, since the ALPN callback is attached to the SSL_CTX, and SNI processing is likely to swap out the SSL_CTX in use. It does look like "late" TLS extensions are now handled after cipher selection, so the ALPN callback can no longer affect the negotiated cipher. Even at the specification level, how all the TLS extensions are supposed to interact with each other and the rest of the handshake is not terribly well specified, so adding -dev to discuss what the desired behavior actually is. -Ben
