From: "MartinBosslet (Martin Bosslet)"
Date: 2012-08-31T18:56:49+09:00
Subject: [ruby-core:47384] [ruby-trunk - Feature #6503] Support for the NPN extension to TLS/SSL

Issue #6503 has been updated by MartinBosslet (Martin Bosslet).

Protocols to be advertised by the server can now be set like this:

    ctx = ... # some OpenSSL::SSL::SSLContext
    ctx.npn_protocols = ["spdy/3", "spdy/2", "http/1.1"]

Selection on the client is handled via callback:

    ctx = ... # some OpenSSL::SSL::SSLContext
    ctx.npn_select_cb = lambda do |protocols|
      # selection logic, return value must be the selected protocol
      protocols.first
    end

Raising or causing an error during the callback will effectively terminate the handshake.

The protocol that was finally chosen can be inspected on the resulting SSL instance with SSL#npn_protocol.

By default, not setting SSLContext#npn_protocols or SSLContext#npn_select_cb will have the effect that NPN extension support is disabled.

@Ilya: Although I could write tests to assert the correctness of the basic behavior, I haven't tried it in a real life scenario yet. Could you please confirm that this is working for you?

----------------------------------------
Feature #6503: Support for the NPN extension to TLS/SSL
https://bugs.ruby-lang.org/issues/6503#change-29123

Author: igrigorik (Ilya Grigorik)
Status: Closed
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0

OpenSSL 1.0.1+ added support for Next Protocol Negotiation (NPN) extensions. A couple of relevant links:

- Google technical note: https://technotes.googlecode.com/git/nextprotoneg.html
- IETF draft: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-02

NPN allows the client to negotiate the session protocol as part of the TLS handshake (ex, "http 1.1", or "spdy/v{1,2,3}").

To support SPDY we need NPN support within OpenSSL core in Ruby. The API is already implemented in OpenSSL 1.0.1+, so it's a matter of adding support in Ruby core.

Sister bug for Python 3.3: http://bugs.python.org/issue14204

--
http://bugs.ruby-lang.org/
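
Added example, not part of the original message or of Ruby's own code: a client-side callback for SSLContext#npn_select_cb that treats the server's advertised list as untrusted input, picks by the client's own preference order, and raises when nothing overlaps, so that the handshake terminates as described in the message. The names NpnPolicyError, build_npn_selector and install_npn_selector are hypothetical, and the optional fallback is a policy choice assumed for this example.

```ruby
# Added example; NpnPolicyError, build_npn_selector and
# install_npn_selector are hypothetical helper names.
class NpnPolicyError < StandardError; end

# Build a callable suitable for SSLContext#npn_select_cb.
# supported: protocols this client implements, most preferred first.
# fallback:  protocol returned when nothing overlaps; nil means raise,
#            which terminates the handshake.
def build_npn_selector(supported, fallback: nil)
  supported = supported.map { |p| p.b.freeze }.freeze
  raise ArgumentError, "supported list is empty" if supported.empty?
  unless fallback.nil? || supported.include?(fallback.b)
    raise ArgumentError, "fallback must be one of the supported protocols"
  end

  lambda do |advertised|
    # The list comes from the peer: keep only well-formed names.
    # On the wire each name has a one-byte length prefix, so 1..255 bytes.
    offered = Array(advertised)
              .select { |p| p.is_a?(String) && (1..255).cover?(p.bytesize) }
              .map(&:b)
    # Client preference decides, not the order the server advertised.
    choice = supported.find { |p| offered.include?(p) }
    return choice if choice
    return fallback.b if fallback
    raise NpnPolicyError, "no common protocol; server offered #{offered.inspect}"
  end
end

# Attach the selector to a context. Accessor presence is checked first,
# because the accessor only exists when the OpenSSL build supports NPN.
def install_npn_selector(ctx, supported, fallback: nil)
  unless ctx.respond_to?(:npn_select_cb=)
    raise NotImplementedError, "this OpenSSL build has no NPN support"
  end
  ctx.npn_select_cb = build_npn_selector(supported, fallback: fallback)
  ctx
end

# Usage with a real context (requires "openssl" built with NPN):
#   ctx = OpenSSL::SSL::SSLContext.new
#   install_npn_selector(ctx, ["spdy/3", "http/1.1"])
```

After the handshake, comparing SSL#npn_protocol against the same supported list confirms that the negotiated protocol is one the client actually intended to speak.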