The Info List - Application-Layer Protocol Negotiation

Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension for application layer protocol negotiation. ALPN allows the application layer to negotiate which protocol should be performed over a secure connection in a manner that avoids additional round trips and which is independent of the application layer protocols. It is needed by secure HTTP/2 connections, which improves the compression of web pages and reduces their latency compared to HTTP/1.x. The ALPN and HTTP/2 standards emerged from development work done by Google on the now withdrawn SPDY protocol.


1 Support 2 History 3 References 4 External links

Support[edit] ALPN is supported by these libraries.

since version 3.2.0 released in May 2013.[1] MatrixSSL since version 3.7.1 released in December 2014.[2] Network Security Services since version 3.15.5 released in April 2014.[3] OpenSSL
since version 1.0.2 released in January 2015.[4] LibreSSL since version 2.1.3 released in January 2015.[5] mbed TLS (previously PolarSSL) since version 1.3.6 released in April 2014.[6] SChannel since 8.1 / 2012 R2. s2n since its original public release in June 2015. wolfSSL (formerly CyaSSL) since version 3.7.0 released in October 2015. [7] Go (in the standard library crypto/tls package) since version 1.4 released in December 2014. [8]

History[edit] On July 11, 2014, ALPN was published as RFC 7301. ALPN replaces NPN [9] TLS False Start was disabled in Google Chrome
Google Chrome
from version 20 (2012) onward except for websites with the earlier Next Protocol Negotiation (NPN) extension.[10] References[edit]

^ "gnutls 3.2.0". Retrieved 2015-01-26.  ^ " MatrixSSL - News". 2014-12-04. Archived from the original on 2015-02-14. Retrieved 2015-01-26.  ^ "NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Retrieved 2015-01-26.  ^ " OpenSSL
1.0.2 release notes". The OpenSSL
Project. The OpenSSL Project. 2015-01-22. Retrieved 2015-01-26.  ^ " LibreSSL 2.1.3 released". 2015-01-22. Retrieved 2015-01-26.  ^ "Download overview - PolarSSL". 2014-04-11. Retrieved 2015-01-26.  ^ "wolfSSL Release Change Log". 2015-10-26. Retrieved 2015-09-11.  ^ "Go 1.4 Release Notes". 2014-12-10. Retrieved 2017-11-28.  ^ Langley, Adam. "ยป NPN and ALPN". Retrieved 2 April 2013.  ^ Langley, Adam. "False Start's Failure (11 Apr 2012)". Retrieved 25 September 2013. 

External links[edit]

Wikimedia Commons has media related to SSL and TLS.

draft-agl-tls-nextprotoneg-04 (NPN draft) (last updated: May 2012) RFC 7301 " Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension"

v t e


Protocols and technologies

Transport Layer Security / Secure Sockets Layer (TLS/SSL) Datagram Transport Layer Security (DTLS) Server Name Indication (SNI) Application-Layer Protocol Negotiation (ALPN) DNS-based Authentication of Named Entities (DANE) DNS Certification Authority Authorization (CAA) HTTPS HTTP Strict Transport Security
HTTP Strict Transport Security
(HSTS) HTTP Public Key Pinning (HPKP) OCSP stapling Perfect forward secrecy STARTTLS

Public-key infrastructure

Automated Certificate Management Environment (ACME) Certificate authority
Certificate authority
(CA) CA/Browser Forum Certificate policy Certificate revocation list (CRL) Domain-validated certificate (DV) Extended Validation Certificate
Extended Validation Certificate
(EV) Online Certificate Status Protocol (OCSP) Public key certificate Public-key cryptography Public key infrastructure
Public key infrastructure
(PKI) Root certificate Self-signed certificate

See also

Domain Name System Security Extensions (DNSSEC) Internet Protocol Security (IPsec) Secure Shell
Secure Shell


Export of cryptography from the United States Server-Gated Cryptography


Bouncy Castle BoringSSL Botan cryptlib GnuTLS JSSE LibreSSL MatrixSSL mbed TLS NSS OpenSSL RSA BSAFE S2n SChannel SSLeay stunnel wolfSSL


Certificate Transparency Convergence HTTPS
Everywhere Perspectives Project



Man-in-the-middle attack Padding oracle attack


Bar mitzvah attack


(in regards to SSL 3.0)


Certificate authority
Certificate authority
compromise Random number generator attacks FREAK goto fail Heartbleed Lucky Thirteen attack POODLE
(in regards to TLS 1.0)

This computer networking article is a stub. You can help by expanding it.