ALPN (Application-Layer Protocol Negotiation)

ALPN (Application Layer Protocol Negotiation)是 TLS 的扩展,允许在安全连接的基础上进行应用层协议的协商。ALPN 支持任意应用层协议的协商,目前应用最多是 HTTP/2 的协商。当前主流浏览器,都只支持基于 HTTPS 部署的 HTTP/2,因为浏览器是基于 ALPN 协议来判断服务器是否支持 HTTP/2 协议。

Posted by sysin on 2020-05-01
Estimated Reading Time 2 Minutes
Words 497 In Total
Viewed Times

作者:gc(at)sysin.org,主页:www.sysin.org

ALPN (Application Layer Protocol Negotiation)是 TLS 的扩展,允许在安全连接的基础上进行应用层协议的协商。ALPN 支持任意应用层协议的协商,目前应用最多是 HTTP/2 的协商。当前主流浏览器,都只支持基于 HTTPS 部署的 HTTP/2,因为浏览器是基于 ALPN 协议来判断服务器是否支持 HTTP/2 协议。

About

See MDN Web Docs Glossary: Definitions of Web-related termsALPN

Application-Layer Protocol Negotiation (ALPN) is a TLS extension which indicates what application layer protocol is negotiating the encryped connection without requiring additional round trips.

Protocol Identification sequence
HTTP/1.1 0x68 0x74 0x74 0x70 0x2F 0x31 0x2E 0x31 (“http/1.1”)
HTTP/2 0x68 0x32 (“h2”)
HTTP/2 over cleartext TCP 0x68 0x32 0x63 (“h2c”)

Specifications

Specification Status Notes
RFC 7301 IETF RFC Initial definition.

Support

浏览器和服务端都支持ALPN 协商,是用上 HTTP/2 的大前提。

  • 关于浏览器支持

参看nginx官网文章

In May 2016, Google released Chrome build 51, eliminating support for SPDY and NPN in favor of HTTP/2 and ALPN. Although concern was expressed publicly and privately about the negative consequences before the change was made, Google went ahead, providing a brief explanation of its reasons for dropping NPN.

At that time Chrome was the only major browser that didn’t support NPN, so users could regain HTTP/2 access by switching to another browser. However, by mid‑2017 all of the most popular browser vendors except Safari (version 10) had dropped support for NPN, starting with the following versions (see the Protocol Details section on the page for each browser at Qualys SSL Labs):

- Chrome 51
- Edge 12
- Firefox 53
- Internet Explorer 11
- Opera 38
  • 大部分 Web Server 都依赖 OpenSSL 库提供 https服务,是否支持 ALPN 完全取决于使用的 OpenSSL 版本,OpenSSL 1.0.2 版本才开始支持 ALPN。

The table summarizes Linux operating system support for ALPN and NPN as of September 2017.

Operating System OpenSSL Version ALPN/NPN Support
CentOS/Oracle Linux/RHEL 6.5+, 7.0–7.3 1.0.1e NPN
CentOS/Oracle Linux/RHEL 7.4+ 1.0.2k ALPN and NPN
Debian 7.0 1.0.1e NPN
Debian 8.0 1.0.1k NPN
Debian 9.0 1.1.0f ALPN and NPN
Ubuntu 12.04 LTS 1.0.1 NPN
Ubuntu 14.04 LTS 1.0.1f NPN
Ubuntu 16.04 LTS 1.0.2g ALPN and NPN

检测工具

https://http2.pro/




如果文章中使用的内容和图片侵犯了您的版权,请联系作者删除。如果您喜欢这篇文章或者觉得它对您有用,欢迎您发表评论,也欢迎您分享这个网站,或者赞赏一下作者,谢谢!


支付宝打赏 微信打赏

赞赏一下