enforce ALPN overlap?

Jan Schaumann jschauma at netmeister.org
Wed Jun 9 16:32:59 UTC 2021


Based on https://alpaca-attack.com/, I was looking at
how a TLS connection with ALPN set to e.g., "banana"
by the client to a server that has ALPN set to "h2"
would behave.  For example:

$ openssl s_server -www -accept 443 -alpn h2 \
	-key /tmp/key.pem -cert /tmp/cert.pem


$ openssl s_client -connect localhost:443 -alpn banana

It seems that OpenSSL will simply not negotiate ALPN,
but leave the connection open:

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
read R BLOCK

In Go, a recent commit changed their behavior to
enforce ALPN overlap:


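The contrast described in this post (OpenSSL leaving a mismatched-ALPN connection open, Go refusing it) can be reproduced and enforced in-process. The following is an added example, not code from the post, from OpenSSL or from the Go commit: it installs a `GetConfigForClient` hook that refuses a ClientHello whose ALPN list has no overlap with the server's, while still accepting a client that offers no ALPN at all, and runs the handshake over `net.Pipe`. The function names and the self-signed demo certificate are my own; on Go 1.17 and later the crypto/tls server already rejects the mismatch by itself, so the hook makes the policy explicit rather than adding it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"math/big"
	"net"
	"time"
)
// requireALPNOverlap refuses a ClientHello offering ALPN with nothing in common with serverProtos.
func requireALPNOverlap(serverProtos []string) func(*tls.ClientHelloInfo) (*tls.Config, error) {
	return func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		if len(h.SupportedProtos) == 0 {
			return nil, nil // client sent no ALPN at all: proceed, nothing gets negotiated
		}
		for _, got := range h.SupportedProtos {
			for _, want := range serverProtos {
				if got == want {
					return nil, nil // overlap found: proceed with the base config
				}
			}
		}
		return nil, errors.New("no ALPN overlap: refusing handshake")
	}
}

// Handshake runs one in-memory client/server handshake and reports success and the negotiated ALPN.
func Handshake(serverProtos, clientProtos []string) (ok bool, negotiated string) {
	_, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway self-signed cert, never leaves the process
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	srvCfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		NextProtos: serverProtos, GetConfigForClient: requireALPNOverlap(serverProtos),
		SessionTicketsDisabled: true} // net.Pipe is unbuffered: a post-handshake ticket write would block
	// InsecureSkipVerify only because the demo certificate is self-signed.
	cliCfg := &tls.Config{ServerName: "localhost", NextProtos: clientProtos, InsecureSkipVerify: true}
	c, s := net.Pipe()
	defer func() { c.Close(); s.Close() }()
	srvErr := make(chan error, 1)
	go func() { srvErr <- tls.Server(s, srvCfg).Handshake() }()
	client := tls.Client(c, cliCfg)
	if client.Handshake() != nil || <-srvErr != nil {
		return false, ""
	}
	return true, client.ConnectionState().NegotiatedProtocol
}
```

`Handshake([]string{"h2"}, []string{"banana"})` fails, `Handshake([]string{"h2"}, []string{"h2"})` negotiates "h2", and a client that sends no ALPN still connects with nothing negotiated, matching the "No ALPN negotiated" case shown above.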