ALPN
   HOME

TheInfoList



Click Here for Items Related To - ALPN
OR:
ALPN on:   [Wikipedia]   [Google]   [Amazon]

Application-Layer Protocol Negotiation (ALPN) is a
Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...
(TLS) extension that allows the application layer to negotiate which
protocol Protocol may refer to: Sociology and politics * Protocol (politics), a formal agreement between nation states * Protocol (diplomacy), the etiquette of diplomacy and affairs of state * Etiquette, a code of personal behavior Science and technolog ...
should be performed over a secure connection in a manner that avoids additional round trips and which is independent of the application-layer protocols. It is used to establish
HTTP/2 HTTP/2 (originally named HTTP/2.0) is a major revision of the HTTP network protocol used by the World Wide Web. It was derived from the earlier experimental SPDY protocol, originally developed by Google. HTTP/2 was developed by the HTTP Working ...
connections without additional round trips (client and server can communicate over to ports previously assigned to HTTPS with HTTP/1.1 and upgrade to use HTTP/2 or continue with HTTP/1.1 without closing the initial connection).


Support

ALPN is supported by these libraries: *
BSAFE Dell BSAFE, formerly known as RSA BSAFE, is a FIPS 140-2 validated cryptography library, available in both C and Java. BSAFE was initially created by RSA Security, which was purchased by EMC and then, in turn, by Dell. When Dell sold the RSA ...
Micro Edition Suite since version 5.0 *
GnuTLS GnuTLS (, the GNU Transport Layer Security Library) is a free software implementation of the TLS, SSL and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over the network trans ...
since version 3.2.0 released in May 2013 *
MatrixSSL MatrixSSL is an open-source TLS/SSL implementation designed for custom applications in embedded hardware environments. The MatrixSSL library contains a full cryptographic software module that includes industry-standard public key and symmetr ...
since version 3.7.1 released in December 2014 *
Network Security Services Network Security Services (NSS) is a collection of cryptographic computer libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on th ...
since version 3.15.5 released in April 2014 * OpenSSL since version 1.0.2 released in January 2015 *
LibreSSL LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD ...
since version 2.1.3 released in January 2015 *
mbed TLS Mbed TLS (previously PolarSSL) is an implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. It is distributed under the Apache License version 2.0. Stated on the website is that Mbed ...
(previously PolarSSL) since version 1.3.6 released in April 2014 *
s2n s2n is an open-source C99 implementation of the Transport Layer Security (TLS) protocol developed by Amazon Web Services (AWS) and released in 2015. It was developed to ensure the code—about 6,000 lines long—would be easier to review than t ...
since its original public release in June 2015. *
wolfSSL wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS (SSL 3.0, TLS 1.0, 1.1, 1.2, 1.3, and DTLS 1.0, 1.2, and 1.3) written in the C programming langua ...
(formerly CyaSSL) since version 3.7.0 released in October 2015 * Go (in the standard library crypto/tls package) since version 1.4 released in December 2014 *
JSSE In computing, the Java Secure Socket Extension (JSSE) is a Java API and a provider implementation named SunJSSE that enable secure Internet communications in the Java Runtime Environment. It implements a Java technology version of the Secure Socket ...
in
Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's mos ...
since JDK 9 released in September 2017, backported to JDK 8 released in April 2020 * Win32 SSPI since Windows 8.1 and Windows Server 2012 R2 were released October 18, 2013


History


Next Protocol Negotiation

In January 2010, Google introduced IETF standard draft describing Next Protocol Negotiation TLS extension. This extension was used to negotiate experimental SPDY connections between Google Chrome and some of Google's servers. As SPDY evolved, NPN was replaced with ALPN.


Application-Layer Protocol Negotiation

On July 11, 2014, ALPN was published as . ALPN replaces Next Protocol Negotiation (NPN) extension.
TLS False Start TLS may refer to: Computing * Transport Layer Security, a cryptographic protocol for secure computer network communication * Thread level speculation, an optimisation on multiprocessor CPUs * Thread-local storage, a mechanism for allocating var ...
was disabled in Google Chrome from version 20 (2012) onward except for websites with the earlier NPN extension.


Example

ALPN is a TLS extension which is sent on the initial TLS handshake 'Client Hello', and it lists the protocols that the client (for example the web browser) supports: 
    Handshake Type: Client Hello (1)
    Length: 141
    Version: TLS 1.2 (0x0303)
    Random: dd67b5943e5efd0740519f38071008b59efbd68ab3114587...
    Session ID Length: 0
    Cipher Suites Length: 10
    Cipher Suites (5 suites)
    Compression Methods Length: 1
    Compression Methods (1 method)
    Extensions Length: 90
     ther extensions omitted    Extension: application_layer_protocol_negotiation (len=14)
        Type: application_layer_protocol_negotiation (16)
        Length: 14
        ALPN Extension Length: 12
        ALPN Protocol
            ALPN string length: 2
            ALPN Next Protocol: h2
            ALPN string length: 8
            ALPN Next Protocol: http/1.1
The resulting 'Server Hello' from the web server will also contain the ALPN extension, and it confirms which protocol will be used for the HTTP request: 
    Handshake Type: Server Hello (2)
    Length: 94
    Version: TLS 1.2 (0x0303)
    Random: 44e447964d7e8a7d3b404c4748423f02345241dcc9c7e332...
    Session ID Length: 32
    Session ID: 7667476d1d698d0a90caa1d9a449be814b89a0b52f470e2d...
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    Compression Method: null (0)
    Extensions Length: 22
     ther extensions omitted    Extension: application_layer_protocol_negotiation (len=5)
        Type: application_layer_protocol_negotiation (16)
        Length: 5
        ALPN Extension Length: 3
        ALPN Protocol
            ALPN string length: 2
            ALPN Next Protocol: h2


References


External links


The registry of ALPN protocol IDs is maintained by IANA as a TLS extension.

draft-agl-tls-nextprotoneg-04 (NPN draft)
(last updated: May 2012) * "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension" Transport Layer Security Telecommunications engineering Internet architecture Network performance {{compu-network-stub