From: "igrigorik (Ilya Grigorik)" Date: 2012-07-06T03:23:40+09:00 Subject: [ruby-core:46204] [ruby-trunk - Feature #6503] Support for the NPN extension to TLS/SSL Issue #6503 has been updated by igrigorik (Ilya Grigorik). Hey guys, apologies about the wait. @Martin: I don't follow the IANA politics, but for what its worth, I would consider it stable at this point. The support is there in OpenSSL, we have 50% of the browser market share using it to negotiate SPDY (Chrome + FF), and we have commercial vendors like F5, Akamai, and others supporting it.. :-) Also, just realized that I linked to wrong version earlier: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04 As far as testing, this is a bit of a chicken and egg problem. There are no pure Ruby libraries that you can run this against.. For an integration test, you could try performing a hadshake against a https://google.com server and test the TLS upgrade. I do have a pure Ruby spdy gem, but it needs a few updates (NPN support is the missing link, really): http://github.com/igrigorik/spdy Let me know how/if I can help. ---------------------------------------- Feature #6503: Support for the NPN extension to TLS/SSL https://bugs.ruby-lang.org/issues/6503#change-27833 Author: igrigorik (Ilya Grigorik) Status: Assigned Priority: Normal Assignee: MartinBosslet (Martin Bosslet) Category: Target version: OpenSSL 1.0.1+ added support for Next Protocol Negotiation (NPN) extensions. A couple of relevant links: - Google technical note: https://technotes.googlecode.com/git/nextprotoneg.html - IETF draft: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-02 NPN allows the client to negotiate the session protocol as part of the TLS handshake (ex, "http 1.1", or "spdy/v{1,2,3}"). To support SPDY we need NPN support within OpenSSL core in Ruby. The API is already implemented in OpenSSL 1.0.1+, so it's a matter of adding support in Ruby core. Sister bug for Python 3.3: http://bugs.python.org/issue14204 -- http://bugs.ruby-lang.org/