Issue #6503 has been updated by MartinBosslet (Martin Bosslet).


Protocols to be advertised by the server can now be set like this:

require 'openssl'
ctx = OpenSSL::SSL::SSLContext.new # or any existing OpenSSL::SSL::SSLContext
ctx.npn_protocols = ["spdy/3", "spdy/2", "http/1.1"]

Selection on the client is handled via callback:

require 'openssl'
ctx = OpenSSL::SSL::SSLContext.new # or any existing OpenSSL::SSL::SSLContext
ctx.npn_select_cb = lambda do |protocols|
  # selection logic, return value must be the selected protocol
  protocols.first
end

Raising or causing an error during the callback will effectively terminate the handshake.
The protocol that was finally chosen can be inspected on the resulting SSL instance with
SSL#npn_protocol. By default, not setting SSLContext#npn_protocols or SSLContext#npn_select_cb
will have the effect that NPN extension support is disabled.

@Ilya: Although I could write tests to assert the correctness of the basic behavior, I haven't
tried it in a real-life scenario yet. Could you please confirm that this is working for you?
----------------------------------------
Feature #6503: Support for the NPN extension to TLS/SSL
https://bugs.ruby-lang.org/issues/6503#change-29123

Author: igrigorik (Ilya Grigorik)
Status: Closed
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0


OpenSSL 1.0.1+ added support for Next Protocol Negotiation (NPN) extensions. A couple of relevant links:

- Google technical note: https://technotes.googlecode.com/git/nextprotoneg.html
- IETF draft: http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-02

NPN allows the client to negotiate the session protocol as part of the TLS handshake (e.g., "http 1.1" or "spdy/v{1,2,3}"). To support SPDY we need NPN support within OpenSSL core in Ruby. The API is already implemented in OpenSSL 1.0.1+, so it's a matter of adding support in Ruby core.

Sister bug for Python 3.3: http://bugs.python.org/issue14204


-- 
http://bugs.ruby-lang.org/
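
The client-side selection callback and the SSL#npn_protocol check described in the update above, as an added example that is not part of the original issue or of Ruby's openssl code. The helper names (NoAcceptableProtocol, npn_selector, install_npn_selector, verify_negotiated!) are assumptions; the callback picks by the client's own preference order and raises when nothing acceptable is advertised, which per the update terminates the handshake.

```ruby
# Added example. Helper names are hypothetical; ctx is expected to be an
# OpenSSL::SSL::SSLContext and ssl a connected OpenSSL::SSL::SSLSocket.

class NoAcceptableProtocol < StandardError; end

# Build a callback for SSLContext#npn_select_cb that honours the client's
# preference order instead of trusting the server's ordering (protocols.first).
def npn_selector(preferred)
  preferred = preferred.map { |p| p.to_s.dup.freeze }.freeze
  lambda do |advertised|
    offered = Array(advertised).map(&:to_s)
    choice = preferred.find { |p| offered.include?(p) }
    # Raising inside the callback aborts the handshake (fail closed).
    raise NoAcceptableProtocol, "server advertised #{offered.inspect}" unless choice
    choice
  end
end

# Attach the callback, refusing to continue silently on builds without NPN.
def install_npn_selector(ctx, preferred)
  unless ctx.respond_to?(:npn_select_cb=)
    raise NotImplementedError, "SSLContext#npn_select_cb= is not available"
  end
  ctx.npn_select_cb = npn_selector(preferred)
  ctx
end

# After the handshake: confirm a protocol was negotiated and that it is one
# the client allows. This also catches a peer that skipped NPN entirely, in
# which case the callback never ran and no protocol was selected.
def verify_negotiated!(ssl, preferred)
  proto = ssl.npn_protocol
  unless proto && preferred.include?(proto)
    raise NoAcceptableProtocol, "negotiated #{proto.inspect}"
  end
  proto
end
```

Call install_npn_selector(ctx, ["spdy/3", "http/1.1"]) before connecting and verify_negotiated!(ssl, ["spdy/3", "http/1.1"]) once the handshake has completed.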