Application-Layer Protocol Negotiation
This article relies too much on references to primary sources. (April 2013) (Learn how and when to remove this template message)
Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension for application layer protocol negotiation. ALPN allows the application layer to negotiate which protocol should be performed over a secure connection in a manner that avoids additional round trips and which is independent of the application layer protocols. It is needed by secure HTTP/2 connections, which improves the compression of web pages and reduces their latency compared to HTTP/1.x. The ALPN and HTTP/2 standards emerged from development work done by Google on the now withdrawn SPDY protocol.
ALPN is supported by these libraries.
- GnuTLS since version 3.2.0 released in May 2013.
- MatrixSSL since version 3.7.1 released in December 2014.
- Network Security Services since version 3.15.5 released in April 2014.
- OpenSSL since version 1.0.2 released in January 2015.
- LibreSSL since version 2.1.3 released in January 2015.
- mbed TLS (previously PolarSSL) since version 1.3.6 released in April 2014.
- SChannel since 8.1 / 2012 R2.
- s2n since its original public release in June 2015.
- wolfSSL (formerly CyaSSL) since version 3.7.0 released in October 2015. 
- Go (in the standard library crypto/tls package) since version 1.4 released in December 2014. 
- JSSE in Java since JDK 9 released in September 2017.
ALPN is a TLS extension which is sent on the initial TLS handshake 'Client Hello', and it lists the protocols that the client (for example the web browser) supports:
Handshake Type: Client Hello (1) Length: 141 Version: TLS 1.2 (0x0303) Random: dd67b5943e5efd0740519f38071008b59efbd68ab3114587... Session ID Length: 0 Cipher Suites Length: 10 Cipher Suites (5 suites) Compression Methods Length: 1 Compression Methods (1 method) Extensions Length: 90 [other extensions omitted] Extension: application_layer_protocol_negotiation (len=14) Type: application_layer_protocol_negotiation (16) Length: 14 ALPN Extension Length: 12 ALPN Protocol ALPN string length: 2 ALPN Next Protocol: h2 ALPN string length: 8 ALPN Next Protocol: http/1.1
The resulting 'Server Hello' from the web server will also contain the ALPN extension, and it confirms which protocol will be used for the HTTP request:
Handshake Type: Server Hello (2) Length: 94 Version: TLS 1.2 (0x0303) Random: 44e447964d7e8a7d3b404c4748423f02345241dcc9c7e332... Session ID Length: 32 Session ID: 7667476d1d698d0a90caa1d9a449be814b89a0b52f470e2d... Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Compression Method: null (0) Extensions Length: 22 [other extensions omitted] Extension: application_layer_protocol_negotiation (len=5) Type: application_layer_protocol_negotiation (16) Length: 5 ALPN Extension Length: 3 ALPN Protocol ALPN string length: 2 ALPN Next Protocol: h2
- "gnutls 3.2.0". Archived from the original on 2016-01-31. Retrieved 2015-01-26.
- "MatrixSSL - News". 2014-12-04. Archived from the original on 2015-02-14. Retrieved 2015-01-26.
- "NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Retrieved 2015-01-26.
- "OpenSSL 1.0.2 release notes". The OpenSSL Project. The OpenSSL Project. 2015-01-22. Retrieved 2015-01-26.
- "LibreSSL 2.1.3 released". 2015-01-22. Retrieved 2015-01-26.
- "Download overview - PolarSSL". 2014-04-11. Retrieved 2015-01-26.
- "wolfSSL Release Change Log". 2015-10-26. Retrieved 2015-09-11.
- "Go 1.4 Release Notes". 2014-12-10. Retrieved 2017-11-28.
- "Picotls". Github. Retrieved 2 August 2018.
- "JEP 244: TLS Application-Layer Protocol Negotiation Extension". 2017-08-07. Retrieved 2018-08-29.
- Langley, Adam. "» NPN and ALPN". Retrieved 2 April 2013.
- Langley, Adam. "False Start's Failure (11 Apr 2012)". Retrieved 25 September 2013.
|Wikimedia Commons has media related to SSL and TLS.|
- The registry of ALPN protocol IDs is maintained by IANA as a TLS extension.
- draft-agl-tls-nextprotoneg-04 (NPN draft) (last updated: May 2012)
- RFC 7301 "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension"
|This computer networking article is a stub. You can help Wikipedia by expanding it.|