Closed Bug 698231 Opened 10 years ago Closed 5 years ago
Renegotiation fails for SPDY connections when the server sends a certificate in the renegotiation handshake than the one it sent in the initial handshake
+++ This bug was initially created as a clone of Bug #698230 +++ +++ This bug was initially created as a clone of Bug #698229 +++ This would be a regression for any site that uses client certificates and which enables NPN+SPDY. I doubt many (if any) real servers do this.
It seems like at one point the HTTP/2 spec disallowed renegotiation and client certificates on the same connection based on my raising this as a concern in Zurich. I vaguely recollect that that decision was overturned near the end of the HTTP/2 process. I don't know what was done to make this a non-issue though.
HTTP/2 disallows renegotiation, with an exception that allows client certificate confidentiality, but that has to happen before the preface. As for this bug, I think that I would be quite happy to have this marked WONTFIX. SPDY doesn't really deserve much more effort, and I can live with a failure if a server changes its certificate between handshake and HTTP/2 preface.
WONTFIX as per comment 2.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.