• Images
• Videos
• Documents
• Books
• Articles

Support

ALPN is supported by these libraries:

• BSAFE Micro Edition Suite since version 5.0¹
• GnuTLS since version 3.2.0 released in May 2013²
• MatrixSSL since version 3.7.1 released in December 2014³
• Network Security Services since version 3.15.5 released in April 2014⁴
• OpenSSL since version 1.0.2 released in January 2015⁵
• LibreSSL since version 2.1.3 released in January 2015⁶
• mbed TLS (previously PolarSSL) since version 1.3.6 released in April 2014⁷
• s2n since its original public release in June 2015.
• wolfSSL (formerly CyaSSL) since version 3.7.0 released in October 2015⁸
• Go (in the standard library crypto/tls package) since version 1.4 released in December 2014⁹
• JSSE in Java since JDK 9 released in September 2017,¹⁰ backported to JDK 8 released in April 2020¹¹
• Win32 SSPI since Windows 8.1 and Windows Server 2012 R2 were released October 18, 2013¹²

History

Next Protocol Negotiation

In January 2010, Google introduced IETF standard draft describing Next Protocol Negotiation TLS extension.¹³ This extension was used to negotiate experimental SPDY connections between Google Chrome and some of Google's servers. As SPDY evolved, NPN was replaced with ALPN.

Application-Layer Protocol Negotiation

On July 11, 2014, ALPN was published as RFC 7301. ALPN replaces Next Protocol Negotiation (NPN) extension.¹⁴

TLS False Start was disabled in Google Chrome from version 20 (2012) onward except for websites with the earlier NPN extension.¹⁵

Example

ALPN is a TLS extension which is sent on the initial TLS handshake 'Client Hello', and it lists the protocols that the client (for example the web browser) supports:

Handshake Type: Client Hello (1) Length: 141 Version: TLS 1.2 (0x0303) Random: dd67b5943e5efd0740519f38071008b59efbd68ab3114587... Session ID Length: 0 Cipher Suites Length: 10 Cipher Suites (5 suites) Compression Methods Length: 1 Compression Methods (1 method) Extensions Length: 90 [other extensions omitted] Extension: application_layer_protocol_negotiation (len=14) Type: application_layer_protocol_negotiation (16) Length: 14 ALPN Extension Length: 12 ALPN Protocol ALPN string length: 2 ALPN Next Protocol: h2 ALPN string length: 8 ALPN Next Protocol: http/1.1

The resulting 'Server Hello' from the web server will also contain the ALPN extension, and it confirms which protocol will be used for the HTTP request:

Handshake Type: Server Hello (2) Length: 94 Version: TLS 1.2 (0x0303) Random: 44e447964d7e8a7d3b404c4748423f02345241dcc9c7e332... Session ID Length: 32 Session ID: 7667476d1d698d0a90caa1d9a449be814b89a0b52f470e2d... Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Compression Method: null (0) Extensions Length: 22 [other extensions omitted] Extension: application_layer_protocol_negotiation (len=5) Type: application_layer_protocol_negotiation (16) Length: 5 ALPN Extension Length: 3 ALPN Protocol ALPN string length: 2 ALPN Next Protocol: h2

External links

• The registry of ALPN protocol IDs is maintained by IANA as a TLS extension.
• draft-agl-tls-nextprotoneg-04 (NPN draft) (last updated: May 2012)
• RFC 7301 "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension"

References

1. "Dell BSAFE Micro Edition Suite 5.0 Release Advisory". Retrieved 2022-10-18. https://www.dell.com/support/kbdoc/000204231/dell-bsafe-micro-edition-suite-5-0-release-advisory ↩

2. "gnutls 3.2.0". Archived from the original on 2016-01-31. Retrieved 2015-01-26. https://web.archive.org/web/20160131230710/http://article.gmane.org/gmane.network.gnutls.general/3136 ↩

3. "MatrixSSL - News". 2014-12-04. Archived from the original on 2015-02-14. Retrieved 2015-01-26. https://web.archive.org/web/20150214105056/http://www.matrixssl.org/news.html ↩

4. "NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Retrieved 2015-01-26. https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.15.5_release_notes ↩

5. "OpenSSL 1.0.2 release notes". The OpenSSL Project. 2015-01-22. Archived from the original on 2014-09-04. Retrieved 2015-01-26. https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html ↩

6. "LibreSSL 2.1.3 released". 2015-01-22. Retrieved 2015-01-26. https://marc.info/?l=openbsd-announce&m=142193407304782 ↩

7. "Download overview - PolarSSL". 2014-04-11. Archived from the original on 2015-02-09. Retrieved 2015-01-26. https://web.archive.org/web/20150209195111/https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released ↩

8. "wolfSSL Release Change Log". 2015-10-26. Retrieved 2015-09-11. https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html ↩

9. "Go 1.4 Release Notes". 2014-12-10. Retrieved 2017-11-28. https://golang.org/doc/go1.4#minor_library_changes ↩

10. "JEP 244: TLS Application-Layer Protocol Negotiation Extension". 2017-08-07. Retrieved 2018-08-29. https://bugs.openjdk.java.net/browse/JDK-8051498 ↩

11. "Release Note: TLS Application-Layer Protocol Negotiation Extension". 2020-04-30. Retrieved 2020-06-11. https://bugs.openjdk.java.net/browse/JDK-8242894 ↩

12. "What's New in TLS/SSL (Schannel SSP)". 31 August 2016. Retrieved 2020-03-30. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831771(v=ws.11)?redirectedfrom=MSDN#whats-new-in-tlsssl-schannel-ssp-in-windows-server-2012-r2-and-windows-81 ↩

13. Langley, A. (January 20, 2010). "Transport Layer Security (TLS) Next Protocol Negotiation Extension". IETF Datatracker. https://datatracker.ietf.org/doc/html/draft-agl-tls-nextprotoneg-00 ↩

14. Langley, Adam. "» NPN and ALPN". Retrieved 2 April 2013. https://www.imperialviolet.org/2013/03/20/alpn.html ↩

15. Langley, Adam. "False Start's Failure (11 Apr 2012)". Retrieved 25 September 2013. https://www.imperialviolet.org/2012/04/11/falsestart.html ↩