Hi, On Fri, Sep 25, 2015 at 1:54 PM, <e...@zusammenkunft.net> wrote: > Hello, > > Just want to mention that with explicite http/https URLs users and > applications are somewhat used to select the application protocol first.
Well, kind of :) Some time ago, and still now, if you put "https" in a URL, you are actually talking SPDY over TLS. > In fact if I have a H2 client I would expect it to try H2 first (especially > given the fact that no weak ciphers could be negotiated anyway). So basically > cipher order would select if you want strong but fast or very strong but > slower crypto for H2. You could only mess that up by prefering blacklisted > ciphers. But even then the serrver can still pick H2 and skip all blacklisted > preferences, right? > No. Currently, the server is given a cipher and based on that cipher has to choose the application protocol. It cannot choose the cipher based on the application protocol. -- Simone Bordet http://bordet.blogspot.com --- Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability, the implementation technique must be flawless. Victoria Livschitz
