
From: Theo Buehler <tb@theobuehler.org>
Subject: Re: nc: Add ALPN TLS option
To: David Leadbeater <dgl@dgl.cx>
Cc: tech@openbsd.org, jsing@openbsd.org, beck@openbsd.org
Date: Wed, 28 May 2025 06:26:34 +0200

On Wed, May 28, 2025 at 01:34:34PM +1000, David Leadbeater wrote:
> The only way to test alpn in base is with openssl s_client, which has
> some quirks. Here's a diff adding -T alpn=value to nc.

Thanks. This makes sense to me. I think it would be helpful to print the
selected ALPN in report_tls(): if tls_alpn was set via -T, display what
tls_conn_alpn_selected() returns (if it is non-NULL).

I believe there's incorrect behavior in libtls (present since ALPN
support was added): if there's no protocol overlap, per RFC 7301, 3.2,
a server should abort the handshake with a no_application_protocol alert.
See tlsext_alpn_server_process() for the corresponding logic in libssl:

Index: tls_server.c
===================================================================
RCS file: /cvs/src/lib/libtls/tls_server.c,v
diff -u -p -r1.51 tls_server.c
--- tls_server.c	26 Mar 2024 08:54:48 -0000	1.51
+++ tls_server.c	28 May 2025 03:59:18 -0000
@@ -75,7 +75,7 @@ tls_server_alpn_cb(SSL *ssl, const unsig
 	    OPENSSL_NPN_NEGOTIATED)
 		return (SSL_TLSEXT_ERR_OK);
 
-	return (SSL_TLSEXT_ERR_NOACK);
+	return (SSL_TLSEXT_ERR_ALERT_FATAL);
 }
 
 static int
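Review bot: returning SSL_TLSEXT_ERR_ALERT_FATAL instead of SSL_TLSEXT_ERR_NOACK on the no-overlap path is a visible behaviour change for every libtls server that configures ALPN (a client offering a non-overlapping list now gets a failed handshake where it previously got a plain connection without ALPN), so the tls_config_set_alpn() documentation should say that the handshake is aborted on no overlap, and any regress test that connects with a non-matching ALPN list needs updating in the same commit. It is also worth confirming in tlsext_alpn_server_process() that SSL_TLSEXT_ERR_ALERT_FATAL from this callback is turned into the no_application_protocol alert that RFC 7301 section 3.2 asks for rather than a generic handshake_failure, since the point of the change is to send that specific alert.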
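To make the RFC 7301 rule discussed in the message concrete, here is an added, self-contained example (not code from the thread, from nc or from libtls) that parses the body of a client's ALPN extension and performs the server-side selection, reporting "no overlap" as a distinct outcome that the caller must turn into a fatal no_application_protocol alert instead of continuing without ALPN. All function names, the enum and the sample byte strings are constructed for illustration.

```c
/* Added example: RFC 7301 ALPN extension parsing and server-side selection.
 * Not part of the thread, nc or libtls; names and sample data are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Outcome of server-side ALPN processing. */
enum alpn_result {
	ALPN_SELECTED = 0,	/* one protocol chosen, handshake continues */
	ALPN_NO_OVERLAP = 1,	/* RFC 7301 3.2: abort with no_application_protocol */
	ALPN_MALFORMED = 2	/* extension could not be parsed: decode_error */
};

#define ALPN_MAX_PROTOS 16

struct alpn_list {
	const uint8_t *name[ALPN_MAX_PROTOS];
	size_t len[ALPN_MAX_PROTOS];
	size_t count;
};

/*
 * Parse a ProtocolNameList: 16-bit big-endian list length followed by
 * ProtocolNames, each an 8-bit length prefix and 1..255 bytes of name.
 * Returns 1 on success, 0 if the encoding is malformed.
 */
static int
alpn_parse(const uint8_t *buf, size_t buflen, struct alpn_list *out)
{
	size_t listlen, off;

	out->count = 0;
	if (buflen < 2)
		return 0;
	listlen = ((size_t)buf[0] << 8) | buf[1];
	/* The list must be non-empty and must fill the extension exactly. */
	if (listlen == 0 || listlen + 2 != buflen)
		return 0;
	for (off = 2; off < buflen; ) {
		size_t nlen = buf[off++];
		/* Empty names are forbidden; a name may not run past the list. */
		if (nlen == 0 || nlen > buflen - off || out->count == ALPN_MAX_PROTOS)
			return 0;
		out->name[out->count] = buf + off;
		out->len[out->count] = nlen;
		out->count++;
		off += nlen;
	}
	return 1;
}

/*
 * Walk the server's preference-ordered list and pick the first entry the
 * client also offered. No overlap is an error the caller must signal with a
 * fatal alert; it is never "proceed without ALPN".
 */
static enum alpn_result
alpn_select(const uint8_t *ext, size_t extlen,
    const char *const *server_prefs, size_t nprefs, const char **selected)
{
	struct alpn_list client;
	size_t i, j;

	*selected = NULL;
	if (!alpn_parse(ext, extlen, &client))
		return ALPN_MALFORMED;
	for (i = 0; i < nprefs; i++) {
		size_t plen = strlen(server_prefs[i]);
		for (j = 0; j < client.count; j++)
			if (client.len[j] == plen &&
			    memcmp(client.name[j], server_prefs[i], plen) == 0) {
				*selected = server_prefs[i];
				return ALPN_SELECTED;
			}
	}
	return ALPN_NO_OVERLAP;
}

/* Out-parameter-free wrappers so the outcome can be checked directly. */
static enum alpn_result
alpn_select_result(const uint8_t *ext, size_t extlen,
    const char *const *prefs, size_t nprefs)
{
	const char *sel;
	return alpn_select(ext, extlen, prefs, nprefs, &sel);
}

static const char *
alpn_select_name(const uint8_t *ext, size_t extlen,
    const char *const *prefs, size_t nprefs)
{
	const char *sel;
	alpn_select(ext, extlen, prefs, nprefs, &sel);
	return sel;
}

/* Constructed samples: a client offering "h2" then "http/1.1", and a
 * truncated list whose single name claims 5 bytes but carries 1. */
static const uint8_t sample_client_alpn[] = {
	0x00, 0x0c,				/* list length 12 */
	0x02, 'h', '2',				/* "h2" */
	0x08, 'h', 't', 't', 'p', '/', '1', '.', '1'	/* "http/1.1" */
};
static const uint8_t sample_bad_alpn[] = { 0x00, 0x02, 0x05, 'a' };
static const char *const prefs_http[] = { "http/1.1", "h2" };
static const char *const prefs_imap[] = { "imap" };

int
main(void)
{
	const char *sel = alpn_select_name(sample_client_alpn,
	    sizeof(sample_client_alpn), prefs_http, 2);
	printf("overlap: selected %s (server preference wins)\n", sel);
	printf("no overlap: result=%d -> send no_application_protocol\n",
	    (int)alpn_select_result(sample_client_alpn,
	    sizeof(sample_client_alpn), prefs_imap, 1));
	printf("truncated: result=%d -> send decode_error\n",
	    (int)alpn_select_result(sample_bad_alpn, sizeof(sample_bad_alpn),
	    prefs_http, 2));
	return 0;
}
```

The selection honours the server's order, as the RFC requires, so a server preferring "http/1.1" picks it even though the client listed "h2" first; the three result codes map onto "continue", "fatal no_application_protocol" and "fatal decode_error", which is exactly the distinction the libtls callback has to express through its return value.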