Google Git
Sign in
eclipse / www.eclipse.org / jetty / 94b6f353dc48fafc5b1cb579deae961dbe6ebf11 / . / documentation / current / alpn-chapter.html
blob: a9661a8048feeff7788f41cf3de5f860ffc941f8 [file] [log] [blame]
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter&nbsp;15.&nbsp;Application Layer Protocol Negotiation (ALPN)</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><meta name="keywords" content="jetty, servlet, servlet-api, cometd, http, websocket, eclipse, maven, java, server, software"><link rel="home" href="index.html" title="Jetty"><link rel="up" href="jetty-admin-guide.html" title="Part&nbsp;III.&nbsp;Jetty Administration Guide"><link rel="prev" href="jetty-jconsole.html" title="Managing Jetty with JConsole and JMC"><link rel="next" href="http2.html" title="Chapter&nbsp;16.&nbsp;HTTP/2"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><link rel="stylesheet" href="css/highlighter/foundation.css"><script src="js/highlight.pack.js"></script><script>
hljs.initHighlightingOnLoad();
</script><link type="text/css" rel="stylesheet" href="css/font-awesome/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small">
Version: 9.4.30.v20200611</span></td><td style="width: 50%"></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter&nbsp;15.&nbsp;Application Layer Protocol Negotiation (ALPN)</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="jetty-jconsole.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a>&nbsp;</td><th width="60%" align="center">Part&nbsp;III.&nbsp;Jetty Administration Guide<br><a accesskey="p" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></th><td width="20%" align="right">&nbsp;<a accesskey="n" href="http2.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/">Contact the core Jetty developers at
<span class="website">www.webtide.com</span></a></h5><p>
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ...
scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
</p></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="alpn-chapter"></a>Chapter&nbsp;15.&nbsp;Application Layer Protocol Negotiation (ALPN)</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="section"><a href="alpn-chapter.html#alpn">Introducing ALPN</a></span></dt></dl></div><p>The development of new web protocols such as HTTP/2 raised the need of protocol
negotiation within a Transport Layer Security (TLS) handshake.
A protocol negotiation called ALPN (Application Layer Protocol Negotiation -
<a class="link" href="https://tools.ietf.org/html/rfc7301" target="_top">RFC7301</a>) has been defined to accomplish this.</p><p>ALPN has now replaced the older (and now fully deprecated) NPN in the general Web
as of 2016.</p><p>For those browsers that support HTTP/2, they all now support ALPN.
Starting with Jetty 9.3.0, only ALPN is supported by Jetty.</p><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="alpn"></a>Introducing ALPN</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="alpn-chapter.html#alpn-openjdk8">ALPN and OpenJDK 8</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-openjdk8-agent">ALPN agent and OpenJDK 8</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-conscrypt">ALPN and Conscrypt</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-jdk9">ALPN and JDK 9</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-troubleshooting">ALPN Troubleshooting</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-openjdk8-details">Details about ALPN and OpenJDK 8</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-openjdk8-client-example">Client Example</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-openjdk8-server-example">Server Example</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-openjdk8-implementation">Implementation Details</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-openjdk8-tests">Unit Tests</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-openjdk8-debugging">Debugging</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-openjdk8-license-details">License Details</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-versions">Versions</a></span></dt><dt><span class="section"><a href="alpn-chapter.html#alpn-build">How to build ALPN</a></span></dt></dl></div><p>Application Layer Protocol Negotiation (ALPN) is a TLS extension that allows client and server to negotiate the application protocol that they will use to communicate within the encryption provided by TLS.</p><p>Any protocol can be negotiated by ALPN within a TLS connection; the protocols that are most commonly negotiated are HTTP/2 and HTTP/1.1.</p><p>Browsers only support HTTP/2 over TLS by negotiating the HTTP/2 protocol via ALPN.
You need to configure the server to support TLS and ALPN if you want browsers to use
the HTTP/2 protocol, otherwise they will default to HTTP/1.1.</p><p>In the Jetty project, ALPN is <span class="emphasis"><em>used</em></span> in two artifacts: <code class="literal">jetty-alpn-client</code> and <code class="literal">jetty-alpn-server</code>, respectively for the client and for the server.</p><p>When using Jetty as a standalone server via the Jetty distribution, the <code class="literal">jetty-alpn-server</code> artifact is automatically included in the server classpath by the Jetty module system.</p><p>When using Jetty embedded, the <code class="literal">jetty-alpn-client</code> and <code class="literal">jetty-alpn-server</code> artifacts must be included in the classpath, respectively for client and server use cases.</p><p>The ALPN implementation is <span class="emphasis"><em>provided</em></span> to these two artifacts with the following options:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p class="simpara">For Java 8 only, a provider based on a pure Java implementation (no native code)</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem">For Java 8 up to <code class="literal">1.8.0_242</code> included, this provider uses modified OpenJDK classes
and requires the <code class="literal">-Xbootclasspath/p:</code> option on command line</li><li class="listitem">For Java 8 from <code class="literal">1.8.0_252</code> included and later, this provider uses the standard OpenJDK
ALPN APIs introduced in Java 9 (see below) that have been backported to <code class="literal">1.8.0_252</code> and
does not require the <code class="literal">-Xbootclasspath/p:</code> option on command line</li></ul></div></li><li class="listitem"><p class="simpara">For Java 8 or later, a provider based on the <a class="link" href="configuring-ssl.html#conscrypt" title="Conscrypt SSL">Conscrypt security provider</a></p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem">Works with JDK 8 or later and provides improved performance</li><li class="listitem">Binds to the OpenSSL native library shipped by Conscrypt and is therefore only available on the platforms supported by Conscrypt</li></ul></div></li><li class="listitem"><p class="simpara">For Java 9 or later, a provider based on the standard OpenJDK ALPN APIs</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem">Works with JDK 9 or later, pure Java implementation (no native code)</li><li class="listitem">Lower performance than Conscrypt</li></ul></div></li></ul></div><p>Each provider above provides an ALPN <span class="emphasis"><em>service</em></span> implementation; Jetty uses the <code class="literal">ServiceLoader</code> mechanism to load these service implementations.
At least one valid provider must be present in the server classpath.
For example, using JDK 8 with the JDK 9 ALPN provider is an <span class="emphasis"><em>invalid</em></span> combination.
The absence of valid implementations is an error at startup (see also the <a class="link" href="alpn-chapter.html#alpn-troubleshooting" title="ALPN Troubleshooting">troubleshooting section</a>).</p><p>There may be multiple ALPN service providers in the server classpath.
When a new connection is created, an <code class="literal">SSLEngine</code> instance is associated to it; each <code class="literal">SSLEngine</code> is passed all service implementations, until one accepts it.</p><p>It is therefore possible to have multiple providers active at the same time, for example the JDK 9 provider and the Conscrypt provider, and at runtime the correct one will be chosen by the Jetty runtime.</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-openjdk8"></a>ALPN and OpenJDK 8</h3></div></div></div><p>When using JDKs based on OpenJDK 8 (for JDK 9 see <a class="link" href="alpn-chapter.html#alpn-jdk9" title="ALPN and JDK 9">here</a>), and you do not or
cannot use <a class="link" href="configuring-ssl.html#conscrypt" title="Conscrypt SSL">Conscrypt</a>, the ALPN implementation is provided by the
<code class="literal">jetty-alpn-openjdk8-client</code> or <code class="literal">jetty-alpn-openjdk8-server</code> artifacts.</p><p>For Java 8 versions up to <code class="literal">1.8.0_242</code> included, you also need the Jetty&#8217;s ALPN boot library
to provide the ALPN service implementation, via the <code class="literal">alpn-boot</code> artifact.
For Java 8 versions from <code class="literal">1.8.0_252</code> included and later, Jetty&#8217;s ALPN boot library is not
necessary because the OpenJDK ALPN APIs have been backported to <code class="literal">1.8.0_252</code> and the
<code class="literal">jetty-alpn-openjdk8-*</code> artifacts can use these backported APIs if their presence is detected.</p><p>Alternatively, you can use the <a class="link" href="alpn-chapter.html#alpn-openjdk8-agent" title="ALPN agent and OpenJDK 8">Jetty ALPN agent</a>, that in turn uses
theJetty ALPN boot library to transform the relevant OpenJDK classes when they are loaded.</p><p>The Jetty ALPN boot library modifies the relevant OpenJDK classes to add ALPN support and provides an ALPN API that application can use to enable ALPN.</p><p>When using Jetty as a standalone server via the Jetty distribution, ALPN support is automatically enabled when the <code class="literal">http2</code> module is enabled.
This enables transitively the <code class="literal">alpn-8</code> module which puts the <code class="literal">jetty-alpn-openjdk8-server</code> artifact in the server classpath, providing the ALPN OpenJDK 8 service implementation.</p><p>When using Jetty embedded, the ALPN support is provided by the <code class="literal">jetty-alpn-openjdk8-client</code> and <code class="literal">jetty-alpn-openjdk8-server</code> artifacts, respectively for client usage and server usage.</p><p>To get ALPN working with Java 8, you must have the <code class="literal">jetty-alpn-openjdk8-client</code> artifact or
the <code class="literal">jetty-alpn-openjdk8-server</code> artifact in the classpath.</p><p>Additionally, if you are using OpenJDK <code class="literal">1.8.0_242</code> or earlier, you need the Jetty ALPN boot
library (corresponding to the exact OpenJDK version you are using) in the boot classpath,
or alternatively you need the <a class="link" href="alpn-chapter.html#alpn-openjdk8-agent" title="ALPN agent and OpenJDK 8">Jetty ALPN agent</a>.</p><p>In the case of the Jetty ALPN boot library, start the JVM as follows:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>java -Xbootclasspath/p:&lt;path_to_alpn_boot_jar&gt; ...</code></pre><p>Where <code class="literal">path_to_alpn_boot_jar</code> is the path on the file system for the <code class="literal">alpn-boot</code> artifact, such as the one at the Maven coordinates <code class="literal">org.mortbay.jetty.alpn:alpn-boot</code>.</p><div class="blockquote"><blockquote class="blockquote"><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="fa fa-plus" aria-hidden="true"></i> Important</h3><p>Be certain to get the
<a class="link" href="alpn-chapter.html#alpn-versions" title="Versions">ALPN boot artifact version that matches the version of your JRE</a>.</p></div></blockquote></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-openjdk8-agent"></a>ALPN agent and OpenJDK 8</h3></div></div></div><p>The Jetty Project also maintains the
<a class="link" href="https://github.com/jetty-project/jetty-alpn-agent" target="_top">Jetty ALPN agent</a>, which is a JVM
agent that provides the ALPN implementation.
The Jetty ALPN agent can be use in alternative (never together) with the
<a class="link" href="alpn-chapter.html#alpn-openjdk8" title="ALPN and OpenJDK 8">ALPN boot library</a>.</p><p>The Jetty ALPN agent contains the ALPN boot libraries for every JDK 8 version.
The agent can be used only with Java 8, but works with <span class="emphasis"><em>any</em></span> Java 8 version.</p><p>The Jetty ALPN agent detects the JDK version currently running, picks the correspondent
ALPN boot library (or picks none if the JDK version is <code class="literal">1.8.0_252</code> or later), and
transforms, if necessary, the relevant OpenJDK classes to provide the ALPN support.</p><p>To use the Jetty ALPN agent, start the JVM as follows:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>java -javaagent:&lt;path_to_alpn_agent_jar&gt; ...</code></pre><div class="blockquote"><blockquote class="blockquote"><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="fa fa-asterisk" aria-hidden="true"></i> Note</h3><p>The Jetty ALPN agent works with any Java 8 version. It is <span class="emphasis"><em>required</em></span> if you use
an OpenJDK version up to <code class="literal">1.8.0_242</code> included, and it is <span class="emphasis"><em>optional</em></span> if you use an
OpenJDK version equal or greater than <code class="literal">1.8.0_252</code>.</p></div><p>The Jetty ALPN agent can be left on the command line even when using an OpenJDK version
equal or greater than <code class="literal">1.8.0_252</code> but we recommend to remove it from the command line
when you use OpenJDK <code class="literal">1.8.0_252</code> or later.</p></blockquote></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-conscrypt"></a>ALPN and Conscrypt</h3></div></div></div><p>When using JDK 8 or later, you can use the <a class="link" href="https://conscrypt.org/" target="_top">Conscrypt</a> security provider to provide the ALPN service implementation.</p><p>Conscrypt binds natively to BoringSSL (a fork of OpenSSL by Google), so ALPN will be supported via the support provided by BoringSSL (bundled together with Conscrypt).</p><p>When using Jetty as a standalone server via the Jetty distribution, ALPN is enabled by enabling the <code class="literal">conscrypt</code> module.</p><p>When using Jetty embedded, ALPN is enabled by the <code class="literal">jetty-alpn-conscrypt-client</code> and <code class="literal">jetty-alpn-conscrypt-server</code> artifacts, respectively for client usage and server usage.
In addition, you also need the Conscrypt artifacts, typically the <code class="literal">org.conscrypt:conscrypt-openjdk-uber</code> artifact.
All these artifacts must be added to the classpath.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-jdk9"></a>ALPN and JDK 9</h3></div></div></div><p>When using JDK 9 or later and Jetty as a standalone server via the Jetty distribution, ALPN support is automatically enabled when the <code class="literal">http2</code> module is enabled.
This enables transitively the <code class="literal">alpn-9</code> module which puts the <code class="literal">jetty-alpn-java-server</code> artifact in the server classpath, providing the ALPN JDK 9 service implementation.</p><p>When using JDK 9 or later and Jetty embedded, the ALPN service implementation is provided by the <code class="literal">jetty-alpn-java-client</code> and <code class="literal">jetty-alpn-java-server</code> artifacts, respectively for client usage and server usage, and must be added to the classpath.</p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="alpn-osgi"></a>Starting in OSGi</h4></div></div></div><p>To use ALPN in an OSGi environment, in addition to what described above, you will also need to deploy the <code class="literal">jetty-osgi-alpn</code> jar.
This jar contains a <code class="literal">Fragment-Host</code> directive that ensures the ALPN classes will be available from the system bundle.</p><p>You can download the <a class="link" href="https://repo1.maven.org/maven2/org/eclipse/jetty/osgi/jetty-osgi-alpn/" target="_top">jetty-osgi-alpn jar</a> from Maven Central.</p><div class="blockquote"><blockquote class="blockquote"><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="fa fa-asterisk" aria-hidden="true"></i> Note</h3><p>OSGi <span class="strong"><strong>requires</strong></span> a <code class="literal">ServiceLoader</code> implementation for Jetty to function properly.
OSGi leverages <a class="link" href="http://aries.apache.org/modules/spi-fly.html" target="_top">Apache Aries SPI Fly</a> for this functionality.
You can read more about OSGi and <code class="literal">ServiceLoader</code> <a class="link" href="http://blog.osgi.org/2013/02/javautilserviceloader-in-osgi.html" target="_top">here.</a></p></div></blockquote></div></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-troubleshooting"></a>ALPN Troubleshooting</h3></div></div></div><p>When starting the Jetty server, especially when using Jetty embedded, it may be possible that you see an error similar to this:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>IllegalStateException: no ALPN processor</code></pre><p>The error means that you don&#8217;t have the ALPN dependencies setup correctly in your classpath.</p><p>For example, you may have the <code class="literal">jetty-alpn-java-server</code> artifact in the classpath (which is correct when using JDK 9), but run your application with JDK 8.</p><p>Another example is when you have correctly put the <code class="literal">alpn-boot</code> artifact in the boot classpath, but you don&#8217;t have the <code class="literal">jetty-alpn-openjdk8-server</code> artifact in the classpath.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-openjdk8-details"></a>Details about ALPN and OpenJDK 8</h3></div></div></div><p>The following sections only refer to the API and implementation of ALPN using the Jetty boot library.</p><p>The Jetty ALPN boot library is conceptually made of two parts: the ALPN APIs and the ALPN implementation.</p><p>The ALPN API is provided by the <code class="literal">org.eclipse.jetty.alpn:alpn-api</code> artifact.
This artifact is only needed by application code that uses the ALPN APIs.</p><p>The ALPN implementation is provided by the <code class="literal">org.mortbay.jetty.alpn:alpn-boot</code> artifact and consist of modifications to the OpenJDK classes.
The <code class="literal">org.mortbay.jetty.alpn:alpn-boot</code> artifact contains also the classes present in the <code class="literal">org.eclipse.jetty.alpn:alpn-api</code> artifact.</p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="alpn-openjdk8-understanding"></a>Understanding the ALPN API</h4></div></div></div><p>Applications need to interact with ALPN TLS extension protocol negotiations.
For example, server applications need to know whether the client supports ALPN, and client applications needs to know whether the server supports ALPN.</p><p>To implement this interaction, Jetty&#8217;s ALPN implementation provides an API to applications, hosted at Maven coordinates <code class="literal">org.eclipse.jetty.alpn:alpn-api</code>.
You need to declare this dependency as provided, because the <code class="literal">alpn-boot</code> jar already includes it (see the previous section), and it is therefore available from the boot classpath.</p><p>The API consists of a single class, <code class="literal">org.eclipse.jetty.alpn.ALPN</code>, and applications need to register instances of <code class="literal">SSLSocket</code> or <code class="literal">SSLEngine</code> with a <code class="literal">ClientProvider</code> or <code class="literal">ServerProvider</code> (depending on whether the application is a client application or server application).
Refer to <code class="literal">ALPN</code> Javadocs and to the examples below for further details about client and server provider methods.</p></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-openjdk8-client-example"></a>Client Example</h3></div></div></div><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>SSLContext sslContext = ...;
SSLSocket sslSocket = (SSLSocket)context.getSocketFactory().createSocket("localhost", server.getLocalPort());
ALPN.put(sslSocket, new ALPN.ClientProvider()
{
@Override
public List&lt;String&gt; protocols()
{
return Arrays.asList("h2", "http/1.1");
}
@Override
public void unsupported()
{
ALPN.remove(sslSocket);
}
@Override
public void selected(String protocol)
{
ALPN.remove(sslSocket);
System.out.println("Protocol Selected is: " + protocol);
}
});</code></pre><p>The ALPN implementation calls <code class="literal">ALPN.ClientProvider</code> methods <code class="literal">protocols()</code>, <code class="literal">unsupported()</code> and <code class="literal">selected(String)</code>, so that the client application can:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">Decide whether to support ALPN</li><li class="listitem">Provide the protocols supported</li><li class="listitem">Know whether the server supports ALPN</li><li class="listitem">Know the protocol chosen by the server</li></ul></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-openjdk8-server-example"></a>Server Example</h3></div></div></div><p>The example for <code class="literal">SSLEngine</code> is identical, and you just need to replace the <code class="literal">SSLSocket</code> instance with an <code class="literal">SSLEngine</code> instance.</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>SSLEngine sslEngine = ...;
ALPN.put(sslEngine, new ALPN.ServerProvider()
{
@Override
public void unsupported()
{
ALPN.remove(sslEngine);
}
@Override
public String select(List&lt;String&gt; protocols);
{
ALPN.remove(sslEngine);
return protocols.get(0);
}
});</code></pre><p>The ALPN implementation calls <code class="literal">ALPN.ServerProvider</code> methods <code class="literal">unsupported()</code>, and <code class="literal">select(List&lt;String&gt;),</code> so that the server application can:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">know whether the client supports ALPN.</li><li class="listitem">select one of the protocols the client supports.</li></ul></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-openjdk8-implementation"></a>Implementation Details</h3></div></div></div><p>It is important that implementations of <code class="literal">ALPN.ServerProvider</code> and <code class="literal">ALPN.ClientProvider</code> remove the <code class="literal">sslSocket</code> or <code class="literal">sslEngine</code> when the negotiation is complete, like shown in the examples above.
Failing to do so will cause a memory leak.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-openjdk8-tests"></a>Unit Tests</h3></div></div></div><p>You can write and run unit tests that use the ALPN implementation.
The solution that we use with Maven is to specify an additional command line argument to the Surefire plugin:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>&lt;project&gt;
&lt;properties&gt;
&lt;alpn-boot-version&gt;8.1.4.v20150727&lt;/alpn-boot-version&gt;
&lt;/properties&gt;
&lt;build&gt;
&lt;plugins&gt;
&lt;plugin&gt;
&lt;artifactId&gt;maven-surefire-plugin&lt;/artifactId&gt;
&lt;configuration&gt;
&lt;argLine&gt;
-Xbootclasspath/p:${settings.localRepository}/org/mortbay/jetty/alpn/alpn-boot/${alpn-boot-version}/alpn-boot-${alpn-boot-version}.jar
&lt;/argLine&gt;
&lt;/configuration&gt;
&lt;/plugin&gt;
...
&lt;/plugins&gt;
&lt;/build&gt;
...
&lt;/project&gt;</code></pre></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-openjdk8-debugging"></a>Debugging</h3></div></div></div><p>You can enable debug logging for the ALPN implementation in this way:</p><pre class="literallayout">ALPN.debug = true;</pre><p>Since the ALPN class is in the boot classpath, we chose not to use logging libraries because we do not want to override application logging library choices; therefore the logging is performed directly on <code class="literal">System.err</code>.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-openjdk8-license-details"></a>License Details</h3></div></div></div><p>The ALPN implementation relies on modification of a few OpenJDK classes and on a few new classes that need to live in the <code class="literal">sun.security.ssl</code> package.
These classes are released under the same <code class="literal">GPLv2+exception</code> license of OpenJDK.</p><p>The ALPN class and its nested classes are released under same license as the classes of the Jetty project.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-versions"></a>Versions</h3></div></div></div><p>The ALPN implementation, relying on modifications of OpenJDK classes, updates every time there are updates to the modified OpenJDK classes.</p><div class="table"><a name="d0e18062"></a><p class="title"><b>Table&nbsp;15.1.&nbsp;ALPN vs. OpenJDK versions</b></p><div class="table-contents"><table class="table" summary="ALPN vs. OpenJDK versions" border="1"><colgroup><col class="col_1"><col class="col_2"></colgroup><thead><tr><th align="left" valign="top">OpenJDK version</th><th align="left" valign="top">ALPN version</th></tr></thead><tbody><tr><td align="left" valign="top"><p>1.7.0u40</p></td><td align="left" valign="top"><p>7.1.0.v20141016</p></td></tr><tr><td align="left" valign="top"><p>1.7.0u45</p></td><td align="left" valign="top"><p>7.1.0.v20141016</p></td></tr><tr><td align="left" valign="top"><p>1.7.0u51</p></td><td align="left" valign="top"><p>7.1.0.v20141016</p></td></tr><tr><td align="left" valign="top"><p>1.7.0u55</p></td><td align="left" valign="top"><p>7.1.0.v20141016</p></td></tr><tr><td align="left" valign="top"><p>1.7.0u60</p></td><td align="left" valign="top"><p>7.1.0.v20141016</p></td></tr><tr><td align="left" valign="top"><p>1.7.0u65</p></td><td align="left" valign="top"><p>7.1.0.v20141016</p></td></tr><tr><td align="left" valign="top"><p>1.7.0u67</p></td><td align="left" valign="top"><p>7.1.0.v20141016</p></td></tr><tr><td align="left" valign="top"><p>1.7.0u71</p></td><td align="left" valign="top"><p>7.1.2.v20141202</p></td></tr><tr><td align="left" valign="top"><p>1.7.0u72</p></td><td align="left" valign="top"><p>7.1.2.v20141202</p></td></tr><tr><td align="left" valign="top"><p>1.7.0u75</p></td><td align="left" valign="top"><p>7.1.3.v20150130</p></td></tr><tr><td align="left" valign="top"><p>1.7.0u76</p></td><td align="left" valign="top"><p>7.1.3.v20150130</p></td></tr><tr><td align="left" valign="top"><p>1.7.0u79</p></td><td align="left" valign="top"><p>7.1.3.v20150130</p></td></tr><tr><td align="left" valign="top"><p>1.7.0u80</p></td><td align="left" valign="top"><p>7.1.3.v20150130</p></td></tr><tr><td align="left" valign="top"><p>1.8.0</p></td><td align="left" valign="top"><p>8.1.0.v20141016</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u05</p></td><td align="left" valign="top"><p>8.1.0.v20141016</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u11</p></td><td align="left" valign="top"><p>8.1.0.v20141016</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u20</p></td><td align="left" valign="top"><p>8.1.0.v20141016</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u25</p></td><td align="left" valign="top"><p>8.1.2.v20141202</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u31</p></td><td align="left" valign="top"><p>8.1.3.v20150130</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u40</p></td><td align="left" valign="top"><p>8.1.3.v20150130</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u45</p></td><td align="left" valign="top"><p>8.1.3.v20150130</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u51</p></td><td align="left" valign="top"><p>8.1.4.v20150727</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u60</p></td><td align="left" valign="top"><p>8.1.5.v20150921</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u65</p></td><td align="left" valign="top"><p>8.1.6.v20151105</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u66</p></td><td align="left" valign="top"><p>8.1.6.v20151105</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u71</p></td><td align="left" valign="top"><p>8.1.7.v20160121</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u72</p></td><td align="left" valign="top"><p>8.1.7.v20160121</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u73</p></td><td align="left" valign="top"><p>8.1.7.v20160121</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u74</p></td><td align="left" valign="top"><p>8.1.7.v20160121</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u77</p></td><td align="left" valign="top"><p>8.1.7.v20160121</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u91</p></td><td align="left" valign="top"><p>8.1.7.v20160121</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u92</p></td><td align="left" valign="top"><p>8.1.8.v20160420</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u101</p></td><td align="left" valign="top"><p>8.1.9.v20160720</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u102</p></td><td align="left" valign="top"><p>8.1.9.v20160720</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u111</p></td><td align="left" valign="top"><p>8.1.9.v20160720</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u112</p></td><td align="left" valign="top"><p>8.1.10.v20161026</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u121</p></td><td align="left" valign="top"><p>8.1.11.v20170118</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u131</p></td><td align="left" valign="top"><p>8.1.11.v20170118</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u141</p></td><td align="left" valign="top"><p>8.1.11.v20170118</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u144</p></td><td align="left" valign="top"><p>8.1.11.v20170118</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u151</p></td><td align="left" valign="top"><p>8.1.11.v20170118</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u152</p></td><td align="left" valign="top"><p>8.1.11.v20170118</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u161</p></td><td align="left" valign="top"><p>8.1.12.v20180117</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u162</p></td><td align="left" valign="top"><p>8.1.12.v20180117</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u171</p></td><td align="left" valign="top"><p>8.1.12.v20180117</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u172</p></td><td align="left" valign="top"><p>8.1.12.v20180117</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u181</p></td><td align="left" valign="top"><p>8.1.12.v20180117</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u191</p></td><td align="left" valign="top"><p>8.1.13.v20181017</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u192</p></td><td align="left" valign="top"><p>8.1.13.v20181017</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u201</p></td><td align="left" valign="top"><p>8.1.13.v20181017</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u202</p></td><td align="left" valign="top"><p>8.1.13.v20181017</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u211<sup>[1]</sup></p></td><td align="left" valign="top"><p>8.1.13.v20181017</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u212</p></td><td align="left" valign="top"><p>8.1.13.v20181017</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u221<sup>[1]</sup></p></td><td align="left" valign="top"><p>8.1.13.v20181017</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u222</p></td><td align="left" valign="top"><p>8.1.13.v20181017</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u231<sup>[1]</sup></p></td><td align="left" valign="top"><p>8.1.13.v20181017</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u232</p></td><td align="left" valign="top"><p>8.1.13.v20181017</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u241<sup>[1]</sup></p></td><td align="left" valign="top"><p>8.1.13.v20181017</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u242</p></td><td align="left" valign="top"><p>8.1.13.v20181017</p></td></tr><tr><td align="left" valign="top"><p>1.8.0u252 and later</p></td><td align="left" valign="top"><p>NOT NECESSARY</p></td></tr></tbody></table></div></div><br class="table-break"><p><sup>[1]</sup> These are Oracle releases for which the source code is not available,
or it is unclear what exactly is because there is no correspondent tag in
the OpenJDK repository.
We assume that the source code for these releases is equivalent (at least
for the files modified to make ALPN work) to the release that follows
(for example, for 1.8.0u211 we assume that the source code is equivalent
to 1.8.0u212, for 1.8.0u221 we assume 1.8.0u222, etc.).</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="alpn-build"></a>How to build ALPN</h3></div></div></div><p>This section is for Jetty developers that need to update the ALPN implementation with the OpenJDK versions.</p><p>Clone the OpenJDK repository with the following command:</p><div class="screenexample"><pre class="screen">$ hg clone https://hg.openjdk.java.net/jdk8u/jdk8u jdk8u
$ cd !$
$ ./get_source.sh</pre></div><p>To update the source to a specific tag, use the following command:</p><div class="screenexample"><pre class="screen">$ ./make/scripts/hgforest.sh update &lt;tag-name&gt;</pre></div><p>The list of OpenJDK tags can be obtained from this page:
<a class="link" href="https://hg.openjdk.java.net/jdk8u/jdk8u/tags" target="_top">OpenJDK 8 Tags</a>.</p><p>You will then need to compare and incorporate the OpenJDK source changes into the modified OpenJDK classes at the <a class="link" href="https://github.com/jetty-project/jetty-alpn" target="_top">ALPN GitHub Repository</a>, branch <code class="literal">master</code>.</p></div></div></div><script type="text/javascript">
SyntaxHighlighter.all()
</script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="jetty-jconsole.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a>&nbsp;</td><td width="20%" align="center"><a accesskey="u" href="jetty-admin-guide.html"><i class="fa fa-chevron-up" aria-hidden="true"></i> Top</a></td><td width="40%" align="right">&nbsp;<a accesskey="n" href="http2.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr><tr><td width="40%" align="left" valign="top">Managing Jetty with JConsole and JMC&nbsp;</td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></td><td width="40%" align="right" valign="top">&nbsp;Chapter&nbsp;16.&nbsp;HTTP/2</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout">
See an error or something missing?
<span class="callout"><a href="http://github.com/eclipse/jetty.project">Contribute to this documentation at
<span class="website"><i class="fa fa-github" aria-hidden="true"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2020-06-11)</i></span></div></p></body></html>