Jaa


MS Open Tech Releases Open Source Patch for OpenSSL to Enable HTTP/2.0 Secure Negotiation

As part of our commitment to the progress of HTTP/2.0 in an open and interoperable fashion, Microsoft Open Technologies, Inc., has yesterday reached out to the OpenSSL community with a proposed contribution supporting Application Layer Protocol Negotiation (ALPN) in the OpenSSL encryption libraries. We submitted a patch request to http://www.openssl.org/ that implements the relevant part of the HTTP/2.0 specification available at http://tools.ietf.org/html/draft-ietf-httpbis-http2-03#section-2.3.

Security and encryption are critical components of the next version of the HTTP protocol. If you have been following the HTTP/2.0 effort, the industry is collaborating in the IETF Transport Layer Security Working Group (TLS WG) and ALPN has been adopted as a WG draft with a broad set of contributors including Microsoft, Cisco, Google, and Orange. The latest working draft at IETF requires the use of ALPN as the mechanism for secure negotiation which means ALPN will now be a key part of HTTP/2.0.

The availability of an open source implementation of ALPN in the most popular open source encryption library allows interested developers to verify the benefits of ALPN and its compliance with established TLS design principles. This was called out in our earlier prototype that introduced support in the OpenSSL library for ALPN.

We will continue the technical conversation about this proposed contribution on the OpenSSL mailing lists as well as working closely with the IETF WG to collaborate in designing the next major version of the HTTP protocol. We encourage you to join in the discussion and participate in the HTTP/2.0 standardization effort.

Adalberto Foresti
Principal Program Manager
Microsoft Open Technologies, Inc.