Application-Layer Protocol Negotiation

From Wikipedia the free encyclopedia

Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension that allows the application layer to negotiate which protocol should be performed over a secure connection in a manner that avoids additional round trips and which is independent of the application-layer protocols. It is used to establish HTTP/2 connections without additional round trips (client and server can communicate over to ports previously assigned to HTTPS with HTTP/1.1 and upgrade to use HTTP/2 or continue with HTTP/1.1 without closing the initial connection).

Support[edit]

ALPN is supported by these libraries:

  • BSAFE Micro Edition Suite since version 5.0[1]
  • GnuTLS since version 3.2.0 released in May 2013[2]
  • MatrixSSL since version 3.7.1 released in December 2014[3]
  • Network Security Services since version 3.15.5 released in April 2014[4]
  • OpenSSL since version 1.0.2 released in January 2015[5]
  • LibreSSL since version 2.1.3 released in January 2015[6]
  • mbed TLS (previously PolarSSL) since version 1.3.6 released in April 2014[7]
  • s2n since its original public release in June 2015.
  • wolfSSL (formerly CyaSSL) since version 3.7.0 released in October 2015[8]
  • Go (in the standard library crypto/tls package) since version 1.4 released in December 2014[9]
  • JSSE in Java since JDK 9 released in September 2017,[10] backported to JDK 8 released in April 2020[11]
  • Win32 SSPI since Windows 8.1 and Windows Server 2012 R2 were released October 18, 2013[12]

History[edit]

Next Protocol Negotiation[edit]

In January 2010, Google introduced IETF standard draft describing Next Protocol Negotiation TLS extension.[13] This extension was used to negotiate experimental SPDY connections between Google Chrome and some of Google's servers. As SPDY evolved, NPN was replaced with ALPN.

Application-Layer Protocol Negotiation[edit]

On July 11, 2014, ALPN was published as RFC 7301. ALPN replaces Next Protocol Negotiation (NPN) extension.[14]

TLS False Start was disabled in Google Chrome from version 20 (2012) onward except for websites with the earlier NPN extension.[15]

Example[edit]

ALPN is a TLS extension which is sent on the initial TLS handshake 'Client Hello', and it lists the protocols that the client (for example the web browser) supports: 

    Handshake Type: Client Hello (1)     Length: 141     Version: TLS 1.2 (0x0303)     Random: dd67b5943e5efd0740519f38071008b59efbd68ab3114587...     Session ID Length: 0     Cipher Suites Length: 10     Cipher Suites (5 suites)     Compression Methods Length: 1     Compression Methods (1 method)     Extensions Length: 90     [other extensions omitted]     Extension: application_layer_protocol_negotiation (len=14)         Type: application_layer_protocol_negotiation (16)         Length: 14         ALPN Extension Length: 12         ALPN Protocol             ALPN string length: 2             ALPN Next Protocol: h2             ALPN string length: 8             ALPN Next Protocol: http/1.1

The resulting 'Server Hello' from the web server will also contain the ALPN extension, and it confirms which protocol will be used for the HTTP request: 

    Handshake Type: Server Hello (2)     Length: 94     Version: TLS 1.2 (0x0303)     Random: 44e447964d7e8a7d3b404c4748423f02345241dcc9c7e332...     Session ID Length: 32     Session ID: 7667476d1d698d0a90caa1d9a449be814b89a0b52f470e2d...     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)     Compression Method: null (0)     Extensions Length: 22     [other extensions omitted]     Extension: application_layer_protocol_negotiation (len=5)         Type: application_layer_protocol_negotiation (16)         Length: 5         ALPN Extension Length: 3         ALPN Protocol             ALPN string length: 2             ALPN Next Protocol: h2

References[edit]

  1. ^ "Dell BSAFE Micro Edition Suite 5.0 Release Advisory". Retrieved 2022-10-18.
  2. ^ "gnutls 3.2.0". Archived from the original on 2016-01-31. Retrieved 2015-01-26.
  3. ^ "MatrixSSL - News". 2014-12-04. Archived from the original on 2015-02-14. Retrieved 2015-01-26.
  4. ^ "NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Retrieved 2015-01-26.
  5. ^ "OpenSSL 1.0.2 release notes". The OpenSSL Project. 2015-01-22. Archived from the original on 2014-09-04. Retrieved 2015-01-26.
  6. ^ "LibreSSL 2.1.3 released". 2015-01-22. Retrieved 2015-01-26.
  7. ^ "Download overview - PolarSSL". 2014-04-11. Archived from the original on 2015-02-09. Retrieved 2015-01-26.
  8. ^ "wolfSSL Release Change Log". 2015-10-26. Retrieved 2015-09-11.
  9. ^ "Go 1.4 Release Notes". 2014-12-10. Retrieved 2017-11-28.
  10. ^ "JEP 244: TLS Application-Layer Protocol Negotiation Extension". 2017-08-07. Retrieved 2018-08-29.
  11. ^ "Release Note: TLS Application-Layer Protocol Negotiation Extension". 2020-04-30. Retrieved 2020-06-11.
  12. ^ "What's New in TLS/SSL (Schannel SSP)". 31 August 2016. Retrieved 2020-03-30.
  13. ^ Langley, A. (January 20, 2010). "Transport Layer Security (TLS) Next Protocol Negotiation Extension". IETF Datatracker.
  14. ^ Langley, Adam. "» NPN and ALPN". Retrieved 2 April 2013.
  15. ^ Langley, Adam. "False Start's Failure (11 Apr 2012)". Retrieved 25 September 2013.

External links[edit]


Stub icon

This computer networking article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Application-Layer_Protocol_Negotiation&oldid=1210640492"