Application-Layer Protocol Negotiation

Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension for application layer protocol negotiation. ALPN allows the application layer to negotiate which protocol should be performed over a secure connection in a manner which avoids additional round trips and which is independent of the application layer protocols. It is used by HTTP/2.

TLS False Start was disabled in Google Chrome from version 20 (2012) onward except for websites with the earlier Next Protocol Negotiation (NPN) extension.^[1]

NPN was replaced with a reworked version, ALPN.^[2] On July 11, 2014, ALPN was published as RFC 7301.

Support

ALPN is supported by these libraries.

GnuTLS since version 3.2.0 released in May 2013.^[3]
MatrixSSL since version 3.7.1 released in December 2014.^[4]
Network Security Services since version 3.15.5 released in April 2014.^[5]
OpenSSL since version 1.0.2 released in January 2015.^[6]
LibreSSL since version 2.1.3 released in January 2015.^[7]
mbed TLS (previously PolarSSL) since version 1.3.6 released in April 2014.^[8]
SChannel since 8.1 / 2012 R2.
s2n since its original public release in June 2015.
wolfSSL (formerly CyaSSL) since version 3.7.0 released in October 2015. ^[9]

References

↑ Langley, Adam. "False Start's Failure (11 Apr 2012)". Retrieved 25 September 2013.
↑ Langley, Adam. "» NPN and ALPN". Retrieved 2 April 2013.
↑ "gnutls 3.2.0". Retrieved 2015-01-26.
↑ "MatrixSSL - News". 2014-12-04. Retrieved 2015-01-26.
↑ "NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Retrieved 2015-01-26.
↑ "OpenSSL 1.0.2 release notes". The OpenSSL Project. The OpenSSL Project. 2015-01-22. Retrieved 2015-01-26.
↑ "LibreSSL 2.1.3 released". 2015-01-22. Retrieved 2015-01-26.
↑ "Download overview - PolarSSL". 2014-04-11. Retrieved 2015-01-26.
↑ "wolfSSL Release Change Log". 2015-10-26. Retrieved 2015-09-11.

External links

Wikimedia Commons has media related to SSL and TLS.

draft-agl-tls-nextprotoneg-04 (NPN draft) (last updated: May 2012)
RFC 7301 "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension"

TLS and SSL

Protocols and technologies

Transport Layer Security / Secure Sockets Layer (TLS/SSL)
Datagram Transport Layer Security (DTLS)
DNS Certification Authority Authorization (CAA)
DNS-based Authentication of Named Entities (DANE)
HTTPS
HTTP Public Key Pinning (HPKP)
HTTP Strict Transport Security (HSTS)
OCSP stapling
Perfect forward secrecy
Server Name Indication (SNI)
STARTTLS
Application-Layer Protocol Negotiation (ALPN)

Public-key infrastructure

Automated Certificate Management Environment (ACME)
Certificate authority (CA)
CA/Browser Forum
Certificate policy
Certificate revocation list (CRL)
Domain-validated certificate (DV)
Extended Validation Certificate (EV)
Online Certificate Status Protocol (OCSP)
Public key certificate
Public-key cryptography
Public key infrastructure (PKI)
Root certificate
Self-signed certificate