From: "Martin J. Dürst"
Date: 2012-07-06T15:51:02+09:00
Subject: [ruby-core:46219] Re: [ruby-trunk - Feature #6503] Support for the NPN extension to TLS/SSL

On 2012/07/06 3:23, igrigorik (Ilya Grigorik) wrote:
>
> Issue #6503 has been updated by igrigorik (Ilya Grigorik).
>
>
> Hey guys, apologies about the wait.
>
> @Martin: I don't follow the IANA politics,

Just a small detail: That should be IETF politics, I guess. But I'm also not familiar with that corner of the IETF, sorry.

Regards, Martin.

> but for what it's worth, I would consider it stable at this point. The support is there in OpenSSL, we have 50% of the browser market share using it to negotiate SPDY (Chrome + FF), and we have commercial vendors like F5, Akamai, and others supporting it.. :-)
>
> Also, just realized that I linked to the wrong version earlier: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04
>
> As far as testing, this is a bit of a chicken and egg problem. There are no pure Ruby libraries that you can run this against.. For an integration test, you could try performing a handshake against a https://google.com server and test the TLS upgrade. I do have a pure Ruby spdy gem, but it needs a few updates (NPN support is the missing link, really): http://github.com/igrigorik/spdy
>
> Let me know how/if I can help.
> ----------------------------------------
> Feature #6503: Support for the NPN extension to TLS/SSL
> https://bugs.ruby-lang.org/issues/6503#change-27833
>
> Author: igrigorik (Ilya Grigorik)
> Status: Assigned
> Priority: Normal
> Assignee: MartinBosslet (Martin Bosslet)
> Category:
> Target version:
>
>
> OpenSSL 1.0.1+ added support for Next Protocol Negotiation (NPN) extensions. A couple of relevant links:
>
> - Google technical note: https://technotes.googlecode.com/git/nextprotoneg.html
> - IETF draft: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-02
>
> NPN allows the client to negotiate the session protocol as part of the TLS handshake (ex, "http 1.1", or "spdy/v{1,2,3}"). To support SPDY we need NPN support within OpenSSL core in Ruby. The API is already implemented in OpenSSL 1.0.1+, so it's a matter of adding support in Ruby core.
>
> Sister bug for Python 3.3: http://bugs.python.org/issue14204
>
>
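
The negotiation described in the issue text, as an added example that is not part of the original thread or of Ruby's OpenSSL binding: the server's advertised list travels as 8-bit length-prefixed byte strings, and the client picks from it. The helper names (`encode_npn_list`, `decode_npn_list`, `select_protocol`) and the sample protocol names are assumptions made for illustration; the selection order follows OpenSSL's `SSL_select_next_proto` (first server-advertised protocol the client supports, otherwise the client's first preference).

```ruby
# Added illustration; helper names are hypothetical, not Ruby's OpenSSL API.

# Serialize protocol names as 8-bit length-prefixed byte strings.
def encode_npn_list(protocols)
  protocols.map do |name|
    bytes = name.b
    unless (1..255).cover?(bytes.bytesize)
      raise ArgumentError, "protocol name must be 1..255 bytes"
    end
    [bytes.bytesize].pack("C") + bytes
  end.join.b
end

# Parse an advertised list, rejecting empty names and truncated entries
# instead of reading past the end of the peer-supplied buffer.
def decode_npn_list(data)
  data = data.b
  protocols = []
  offset = 0
  while offset < data.bytesize
    len = data.getbyte(offset)
    raise ArgumentError, "empty protocol name at offset #{offset}" if len.zero?
    if offset + 1 + len > data.bytesize
      raise ArgumentError, "truncated entry at offset #{offset}"
    end
    protocols << data.byteslice(offset + 1, len)
    offset += 1 + len
  end
  protocols
end

# Client-side choice: walk the server's list in its order and take the first
# entry the client supports; with no overlap, fall back to the client's first.
def select_protocol(server_advertised, client_supported)
  supported = client_supported.map(&:b)
  match = server_advertised.find { |proto| supported.include?(proto.b) }
  match ? [match, :negotiated] : [client_supported.first, :no_overlap]
end

# Constructed sample: a server advertising three protocols.
ADVERTISED = encode_npn_list(["spdy/3", "spdy/2", "http/1.1"])
```

A caller should treat `:no_overlap` as a signal to speak only its default protocol, since the server never advertised the returned name.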