Negotiate the cipher suite before ALPN. HTTP/2 places requirements on the cipher suite. So that servers can decline HTTP/2 when these requirements aren't met, defer ALPN negotiation. See also b/32553041. Change-Id: Idbcf049f9c8bda06a8be52a0154fe76e84607268 Reviewed-on: https://boringssl-review.googlesource.com/11982 Reviewed-by: Adam Langley <agl@google.com>

commit: 9ef31f01af6c59efe65fe0c4ab3be7316046ccca [log] [tgz]
author: David Benjamin <davidben@google.com> Mon Oct 31 18:01:13 2016 -0400
committer: Adam Langley <agl@google.com> Wed Nov 02 18:06:23 2016 +0000
tree: e37f5287cae05050be98dcdcae9ccd1d68cf721d
parent: b2e2e32c35a228d9e690c90fd5e1bb575dbb0984 [diff] [blame]
diff --git a/ssl/internal.h b/ssl/internal.h
index b6f0203..461de2c 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -1083,6 +1083,12 @@
     SSL *ssl, uint8_t **out, size_t *out_len,
     enum ssl_cert_verify_context_t cert_verify_context);
 
+/* ssl_negotiate_alpn negotiates the ALPN extension, if applicable. It returns
+ * one on successful negotiation or if nothing was negotiated. It returns zero
+ * and sets |*out_alert| to an alert on error. */
+int ssl_negotiate_alpn(SSL *ssl, uint8_t *out_alert,
+                       const struct ssl_early_callback_ctx *client_hello);
+
 
 /* SSLKEYLOGFILE functions. */
commit	9ef31f01af6c59efe65fe0c4ab3be7316046ccca	[log] [tgz]
author	David Benjamin <davidben@google.com>	Mon Oct 31 18:01:13 2016 -0400
committer	Adam Langley <agl@google.com>	Wed Nov 02 18:06:23 2016 +0000
tree	e37f5287cae05050be98dcdcae9ccd1d68cf721d
parent	b2e2e32c35a228d9e690c90fd5e1bb575dbb0984 [diff] [blame]