Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

• From: Willy Tarreau <w@1wt.eu>
• Date: Tue, 23 Sep 2014 07:42:55 +0200
• To: Eric Rescorla <ekr@rtfm.com>
• Cc: Jason Greene <jason.greene@redhat.com>, Greg Wilkins <gregw@intalio.com>, Patrick McManus <pmcmanus@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>
• Message-ID: <20140923054255.GA1286@1wt.eu>

Hi Eric,

On Mon, Sep 22, 2014 at 11:21:52AM -0700, Eric Rescorla wrote:
> > Ok but then if you wait on HTTP/3, 9.2.2 then precludes your ability to
> > select a more modern cipher category like the Aero example. So it doesn???t
> > seem to really meet the former case, and it certainly doesn???t meet the
> > latter.
> 
> I don't think that's true. 9.2.2 doesn't say you can't do non-AEAD. It says
> that you can't do stream or block. Rather:
> 
> "Clients MUST accept DHE sizes of up to 4096 bits. HTTP MUST NOT be used
> with cipher suites that use stream or block ciphers. Authenticated
> Encryption with Additional Data (AEAD) modes, such as the Galois Counter
> Model (GCM) mode for AES <Received on Tuesday, 23 September 2014 05:43:31 UTC