Application-Layer Protocol Negotiation

Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension that allows the application layer to negotiate which protocol should be performed over a secure connection in a manner that avoids additional round trips and which is independent of the application-layer protocols. It is used to establish HTTP/2 connections without additional round trips (client and server can communicate over two ports previously assigned to HTTPS with HTTP/1.1 and upgrade to use HTTP/2 or continue with HTTP/1.1 without closing the initial connection).

Support

ALPN is supported by these libraries:

• BSAFE Micro Edition Suite since version 5.0^[1]
• GnuTLS since version 3.2.0 released in May 2013^[2]
• MatrixSSL since version 3.7.1 released in December 2014^[3]
• Network Security Services since version 3.15.5 released in April 2014^[4]
• OpenSSL since version 1.0.2 released in January 2015^[5]
• LibreSSL since version 2.1.3 released in January 2015^[6]
• mbed TLS (previously PolarSSL) since version 1.3.6 released in April 2014^[7]
• s2n since its original public release in June 2015.
• wolfSSL (formerly CyaSSL) since version 3.7.0 released in October 2015^[8]
• Go (in the standard library crypto/tls package) since version 1.4 released in December 2014^[9]
• JSSE in Java since JDK 9 released in September 2017,^[10] backported to JDK 8 released in April 2020^[11]
• Win32 SSPI since Windows 8.1 and Windows Server 2012 R2 were released October 18, 2013^[12]

History

Next Protocol Negotiation

In January 2010, Google introduced IETF standard draft describing Next Protocol Negotiation TLS extension.^[13] This extension was used to negotiate experimental SPDY connections between Google Chrome and some of Google's servers. As SPDY evolved, NPN was replaced with ALPN.

Application-Layer Protocol Negotiation

On July 11, 2014, ALPN was published as RFC 7301. ALPN replaces Next Protocol Negotiation (NPN) extension.^[14]

TLS False Start was disabled in Google Chrome from version 20 (2012) onward except for websites with the earlier NPN extension.^[15]

Example

ALPN is a TLS extension which is sent on the initial TLS handshake 'Client Hello', and it lists the protocols that the client (for example the web browser) supports:

    Handshake Type: Client Hello (1)
    Length: 141
    Version: TLS 1.2 (0x0303)
    Random: dd67b5943e5efd0740519f38071008b59efbd68ab3114587...
    Session ID Length: 0
    Cipher Suites Length: 10
    Cipher Suites (5 suites)
    Compression Methods Length: 1
    Compression Methods (1 method)
    Extensions Length: 90
    [other extensions omitted]
    Extension: application_layer_protocol_negotiation (len=14)
        Type: application_layer_protocol_negotiation (16)
        Length: 14
        ALPN Extension Length: 12
        ALPN Protocol
            ALPN string length: 2
            ALPN Next Protocol: h2
            ALPN string length: 8
            ALPN Next Protocol: http/1.1

The resulting 'Server Hello' from the web server will also contain the ALPN extension, and it confirms which protocol will be used for the HTTP request:

    Handshake Type: Server Hello (2)
    Length: 94
    Version: TLS 1.2 (0x0303)
    Random: 44e447964d7e8a7d3b404c4748423f02345241dcc9c7e332...
    Session ID Length: 32
    Session ID: 7667476d1d698d0a90caa1d9a449be814b89a0b52f470e2d...
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    Compression Method: null (0)
    Extensions Length: 22
    [other extensions omitted]
    Extension: application_layer_protocol_negotiation (len=5)
        Type: application_layer_protocol_negotiation (16)
        Length: 5
        ALPN Extension Length: 3
        ALPN Protocol
            ALPN string length: 2
            ALPN Next Protocol: h2