ALPN (Application Layer Protocol Negotiation)

ALPN (Application Layer Protocol Negotiation) is a TLS extension that allows the application layer protocol to be negotiated over a secure connection. ALPN supports the negotiation of any application layer protocol; at present it is used mostly for HTTP/2 negotiation. Current mainstream browsers support HTTP/2 only when it is deployed over HTTPS, because the browser relies on ALPN to determine whether the server supports HTTP/2.

Principles of negotiation

 In the Hello phase of the TLS handshake, application layer protocol negotiation is added, as shown in the following figure:

 We can use Wireshark to capture packets and analyze the ALPN negotiation exchange.

  • When the browser opens an SSL/TLS connection, the first Client Hello message it sends carries the protocols supported by the browser in an extension field, where h2 indicates that the browser supports the HTTP/2 protocol.

  • When the server returns the Server Hello message, it returns h2 if it supports HTTP/2. If it does not, it selects a protocol it supports from the list of protocols supported by the client, generally http/1.1.

 Both the browser and the server must support ALPN negotiation; this is the prerequisite for using HTTP/2.

  • Android phones have supported ALPN since version 5.0. The OkHttp source code uses the following code to determine whether the phone supports ALPN:
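  // Requires: import java.security.Security;
  public static boolean supportsAlpn() {
    // If the "GMSCore_OpenSSL" security provider is registered, treat ALPN as supported.
    if (Security.getProvider("GMSCore_OpenSSL") != null) {
      return true;
    } else {
      try {
        // Otherwise detect Android 5.0+ by looking up a class that first appeared in that release.
        Class.forName("android.net.Network"); // Arbitrary class added in Android 5.0.
        return true;
      } catch (ClassNotFoundException ignored) { }
    }
    return false;
  }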
  • Most web servers rely on the OpenSSL library to provide HTTPS services. Whether or not ALPN is supported depends entirely on the version of OpenSSL used: OpenSSL only started to support ALPN in version 1.0.2.
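
The Client Hello / Server Hello exchange described above can be reproduced offline. The following is an added example, not code from the original post or from OkHttp: it encodes and parses the ALPN extension as it appears in a Wireshark capture (extension type 16, wire format from RFC 7301) and applies the server-side selection. The function names and the sample bytes are constructed for illustration.

```python
import struct

ALPN_EXT_TYPE = 16  # application_layer_protocol_negotiation (RFC 7301)

def build_alpn_extension(protocols):
    """Encode protocol names as a TLS ALPN extension: type, length, ProtocolNameList."""
    names = b"".join(bytes([len(p)]) + p for p in protocols)
    body = struct.pack("!H", len(names)) + names
    return struct.pack("!HH", ALPN_EXT_TYPE, len(body)) + body

def parse_alpn_extension(ext):
    """Decode one ALPN extension, rejecting inconsistent or truncated lengths."""
    if len(ext) < 6:
        raise ValueError("truncated extension")
    ext_type, ext_len, list_len = struct.unpack("!HHH", ext[:6])
    if ext_type != ALPN_EXT_TYPE:
        raise ValueError("not an ALPN extension")
    if ext_len != len(ext) - 4 or list_len != ext_len - 2:
        raise ValueError("length fields disagree")
    protocols, pos = [], 6
    while pos < len(ext):
        n = ext[pos]  # each name is prefixed by a one-byte length
        name = ext[pos + 1 : pos + 1 + n]
        if n == 0 or len(name) != n:
            raise ValueError("bad protocol name length")
        protocols.append(name)
        pos += 1 + n
    return protocols

def server_select(client_protocols, server_preference):
    """Return the first server-preferred protocol the client offered, or None if no overlap."""
    for proto in server_preference:
        if proto in client_protocols:
            return proto
    return None

# Constructed sample: the ALPN extension a browser offering h2 and http/1.1 would send.
CLIENT_HELLO_ALPN = build_alpn_extension([b"h2", b"http/1.1"])

if __name__ == "__main__":
    offered = parse_alpn_extension(CLIENT_HELLO_ALPN)
    print("client offers:", offered)
    print("HTTP/2 server returns:", server_select(offered, [b"h2", b"http/1.1"]))
    print("HTTP/1.1-only server returns:", server_select(offered, [b"http/1.1"]))
```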


Origin www.cnblogs.com/rainboy2010/p/12686843.html