The java.net.ssl package extension

This change to the java.net.ssl package in the Java platform adds support for the TLS Application-Layer Protocol Negotiation (ALPN) extension. The key benefits of this change are as follows:

  • TLS clients and servers can now use multiple application-layer protocols, which may or may not share the same transport-layer port
  • The ALPN extension lets a client list the application-layer protocols it supports in order of preference
  • The server can select one of the client's offered protocols for the TLS connection
  • Supports HTTP/2

The following illustration, presented earlier as the five basic steps of a TLS handshake and updated here for Java 9, indicates where the protocol names are exchanged between the client and server:

[Illustration: TLS handshakes: sharing protocol names]

Once the client's list of application-layer protocols has been received, the server can select its preferred value from the intersection of the client's list and its own; because the initial ClientHello is sent in plaintext, it can also be scanned externally to select an ALPN protocol. An application server will do one of the following:

  • Select one of the mutually supported protocols
  • Determine that the remotely offered and locally supported ALPN values do not overlap
  • Ignore the ALPN extension

Other key behaviors with regards to the ALPN extension are as follows:

  • The server can alter connection parameters
  • After the SSL/TLS handshake has started, the application can query whether an ALPN value has been selected yet
  • After the SSL/TLS handshake has ended, the application can query which protocol was negotiated

ClientHello is the first message in the TLS handshake. It has the following structure:

struct {
    ProtocolVersion client_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suites<2..2^16-1>;
    CompressionMethod compression_methods<1..2^8-1>;
    Extension extensions<0..2^16-1>;
} ClientHello;
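As an added example (not code from this page or from the JDK), the following Python walks the ClientHello fields in the order shown above to locate the ALPN extension, then applies the server-side choice described earlier: pick the server's preferred name from the intersection, report no overlap, or ignore when the client offered nothing. The ClientHello bytes are constructed inline, and every length field is bounds-checked because the message is untrusted input.

```python
import struct

ALPN_EXT_TYPE = 16  # RFC 7301: application_layer_protocol_negotiation

def build_client_hello(protocols):
    """Constructed test input: minimal TLS 1.2 ClientHello body whose only extension is ALPN."""
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"         # client_version, random, empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"         # cipher_suites<2..2^16-1>: one suite
            + b"\x01\x00")                               # compression_methods<1..2^8-1>: null
    ext = b""
    if protocols:                                        # empty list -> no ALPN extension at all
        names = b"".join(bytes([len(p)]) + p for p in protocols)   # client preference order
        payload = struct.pack("!H", len(names)) + names  # ProtocolNameList
        ext = struct.pack("!HH", ALPN_EXT_TYPE, len(payload)) + payload
    return body + struct.pack("!H", len(ext)) + ext      # extensions<0..2^16-1>

def _take(buf, pos, n):
    """Slice buf[pos:pos+n], refusing to read past the end: every length field is untrusted."""
    if pos + n > len(buf):
        raise ValueError("truncated or inconsistent ClientHello")
    return buf[pos:pos + n]

def parse_alpn(hello):
    """Walk the ClientHello fields in order; return the offered ALPN names, or None if absent."""
    pos = 2 + 32                                              # client_version, random
    pos += 1 + _take(hello, pos, 1)[0]                        # session_id
    pos += 2 + struct.unpack("!H", _take(hello, pos, 2))[0]   # cipher_suites
    pos += 1 + _take(hello, pos, 1)[0]                        # compression_methods
    if pos == len(hello):
        return None                                           # no extensions block at all
    exts = _take(hello, pos + 2, struct.unpack("!H", _take(hello, pos, 2))[0])
    pos = 0
    while pos + 4 <= len(exts):
        ext_type, length = struct.unpack("!HH", exts[pos:pos + 4])
        data = _take(exts, pos + 4, length)                   # extension may not overrun the block
        pos += 4 + length
        if ext_type == ALPN_EXT_TYPE:
            if struct.unpack("!H", _take(data, 0, 2))[0] != len(data) - 2:
                raise ValueError("bad ProtocolNameList length")
            names, p = [], 2
            while p < len(data):
                names.append(_take(data, p + 1, data[p]))
                p += 1 + data[p]
            return names
    return None

def select_protocol(offered, server_supported):
    """Server-preference intersection; None means 'ignore' (no offer) or 'no overlap'."""
    return next((s for s in server_supported if s in (offered or [])), None)
```

A server that gets None back from select_protocol after a real offer has hit the "no overlap" case and must decide whether to continue without ALPN or abort the handshake.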