Would you be amenable to adding a feature flag disabling http/2 cipher
validation? I realize this runs counter to the specification, however
I'd like to decouple usage of http2 features from the notoriously slow
aes gcm cipher suites on java 8.
This could be broken into two components:
- Disabling the alpn cipher blackist. The blacklist is suggested, but
not required[1]
- Disabling the requirement for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
which is listed as required (for tlsv1.2)
I can understand strong reservations against relaxing this validation,
but given the existence of flags to disable other types of validation
I figured it would be worthwhile to inquire.
Thanks,
-Carter
1.
https://tools.ietf.org/html/rfc7540#section-9.2.2