8.1.2 What is ALPN and why is it needed?

ALPN (Application-Layer Protocol Negotiation) is an extension of Transport Layer Security (TLS) that lets the application layer negotiate which protocol will be used over a secure connection, avoiding additional round trips. ALPN itself is independent of the application-layer protocols being negotiated.
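What the negotiation looks like on the wire, as an added example that is not part of the original page: the client lists its protocols in an ALPN extension of the ClientHello and the server picks one in its reply, which is why no extra round trip is needed. The wire layout and the `h2` / `http/1.1` identifiers follow RFC 7301; the function names and the sample bytes are constructed for illustration.

```python
import struct

ALPN_EXT_TYPE = 16  # application_layer_protocol_negotiation (RFC 7301)

def encode_alpn(protocols):
    """Build the ALPN extension (type, length, ProtocolNameList) a client sends."""
    body = b""
    for name in protocols:
        if not 1 <= len(name) <= 255:
            raise ValueError("protocol name must be 1..255 bytes")
        body += bytes([len(name)]) + name
    name_list = struct.pack("!H", len(body)) + body
    return struct.pack("!HH", ALPN_EXT_TYPE, len(name_list)) + name_list

def parse_alpn(ext):
    """Parse one ALPN extension strictly; reject any length inconsistency."""
    if len(ext) < 4:
        raise ValueError("truncated extension header")
    ext_type, ext_len = struct.unpack("!HH", ext[:4])
    data = ext[4:]
    if ext_type != ALPN_EXT_TYPE or ext_len != len(data) or ext_len < 2:
        raise ValueError("not a well-formed ALPN extension")
    (list_len,) = struct.unpack("!H", data[:2])
    if list_len != len(data) - 2:
        raise ValueError("ProtocolNameList length mismatch")
    names, pos = [], 2
    while pos < len(data):
        n = data[pos]
        if n == 0 or pos + 1 + n > len(data):
            raise ValueError("bad protocol name length")
        names.append(data[pos + 1:pos + 1 + n])
        pos += 1 + n
    if not names:
        raise ValueError("empty protocol list")
    return names

def select_protocol(server_prefs, client_offer):
    """Server-side choice: first server preference the client also offered.
    None means no overlap (RFC 7301: fatal no_application_protocol alert)."""
    for proto in server_prefs:
        if proto in client_offer:
            return proto
    return None

# Constructed sample: a client offering HTTP/2 first, then HTTP/1.1.
SAMPLE = encode_alpn([b"h2", b"http/1.1"])
```

A server without ALPN support never sees or answers this extension, so the client has no in-handshake signal that HTTP/2 is available.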

In practice, this is primarily needed for secure connections using the HTTP/2 protocol, which improves web page compression and reduces latency compared to the previous generation of HTTP/1.1 and HTTP/1.0. Without a server-side library that supports ALPN, HTTP/2 cannot be used. Currently, ALPN support is implemented by the following libraries:

  • OpenSSL from version
  • GnuTLS since version 3.2.0
  • MatrixSSL since version 3.7.1
  • Network Security Services from version 3.15.5
  • LibreSSL since version 2.1.3
  • mbedTLS/PolarSSL since version 1.3.6
  • s2n, all versions
  • wolfSSL/CyaSSL since version 3.7.0
  • BearSSL since version 0.3
  • Win32 SSPI starting with Windows 8.1 / Windows Server 2012 R2
  • SChannel on Windows 8.1 / Windows Server 2012 R2