summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc7540.txt
diff options
context:
space:
mode:
authorThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
committerThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
commit4bfd864f10b68b71482b35c818559068ef8d5797 (patch)
treee3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc7540.txt
parentea76e11061bda059ae9f9ad130a9895cc85607db (diff)
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc7540.txt')
-rw-r--r--doc/rfc/rfc7540.txt5379
1 files changed, 5379 insertions, 0 deletions
diff --git a/doc/rfc/rfc7540.txt b/doc/rfc/rfc7540.txt
new file mode 100644
index 0000000..d28043a
--- /dev/null
+++ b/doc/rfc/rfc7540.txt
@@ -0,0 +1,5379 @@
+
+
+
+
+
+
+Internet Engineering Task Force (IETF) M. Belshe
+Request for Comments: 7540 BitGo
+Category: Standards Track R. Peon
+ISSN: 2070-1721 Google, Inc
+ M. Thomson, Ed.
+ Mozilla
+ May 2015
+
+
+ Hypertext Transfer Protocol Version 2 (HTTP/2)
+
+Abstract
+
+ This specification describes an optimized expression of the semantics
+ of the Hypertext Transfer Protocol (HTTP), referred to as HTTP
+ version 2 (HTTP/2). HTTP/2 enables a more efficient use of network
+ resources and a reduced perception of latency by introducing header
+ field compression and allowing multiple concurrent exchanges on the
+ same connection. It also introduces unsolicited push of
+ representations from servers to clients.
+
+ This specification is an alternative to, but does not obsolete, the
+ HTTP/1.1 message syntax. HTTP's existing semantics remain unchanged.
+
+Status of This Memo
+
+ This is an Internet Standards Track document.
+
+ This document is a product of the Internet Engineering Task Force
+ (IETF). It represents the consensus of the IETF community. It has
+ received public review and has been approved for publication by the
+ Internet Engineering Steering Group (IESG). Further information on
+ Internet Standards is available in Section 2 of RFC 5741.
+
+ Information about the current status of this document, any errata,
+ and how to provide feedback on it may be obtained at
+ http://www.rfc-editor.org/info/rfc7540.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 1]
+
+RFC 7540 HTTP/2 May 2015
+
+
+Copyright Notice
+
+ Copyright (c) 2015 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document. Code Components extracted from this document must
+ include Simplified BSD License text as described in Section 4.e of
+ the Trust Legal Provisions and are provided without warranty as
+ described in the Simplified BSD License.
+
+Table of Contents
+
+ 1. Introduction ....................................................4
+ 2. HTTP/2 Protocol Overview ........................................5
+ 2.1. Document Organization ......................................6
+ 2.2. Conventions and Terminology ................................6
+ 3. Starting HTTP/2 .................................................7
+ 3.1. HTTP/2 Version Identification ..............................8
+ 3.2. Starting HTTP/2 for "http" URIs ............................8
+ 3.2.1. HTTP2-Settings Header Field .........................9
+ 3.3. Starting HTTP/2 for "https" URIs ..........................10
+ 3.4. Starting HTTP/2 with Prior Knowledge ......................10
+ 3.5. HTTP/2 Connection Preface .................................11
+ 4. HTTP Frames ....................................................12
+ 4.1. Frame Format ..............................................12
+ 4.2. Frame Size ................................................13
+ 4.3. Header Compression and Decompression ......................14
+ 5. Streams and Multiplexing .......................................15
+ 5.1. Stream States .............................................16
+ 5.1.1. Stream Identifiers .................................21
+ 5.1.2. Stream Concurrency .................................22
+ 5.2. Flow Control ..............................................22
+ 5.2.1. Flow-Control Principles ............................23
+ 5.2.2. Appropriate Use of Flow Control ....................24
+ 5.3. Stream Priority ...........................................24
+ 5.3.1. Stream Dependencies ................................25
+ 5.3.2. Dependency Weighting ...............................26
+ 5.3.3. Reprioritization ...................................26
+ 5.3.4. Prioritization State Management ....................27
+ 5.3.5. Default Priorities .................................28
+ 5.4. Error Handling ............................................28
+ 5.4.1. Connection Error Handling ..........................29
+ 5.4.2. Stream Error Handling ..............................29
+
+
+
+Belshe, et al. Standards Track [Page 2]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ 5.4.3. Connection Termination .............................30
+ 5.5. Extending HTTP/2 ..........................................30
+ 6. Frame Definitions ..............................................31
+ 6.1. DATA ......................................................31
+ 6.2. HEADERS ...................................................32
+ 6.3. PRIORITY ..................................................34
+ 6.4. RST_STREAM ................................................36
+ 6.5. SETTINGS ..................................................36
+ 6.5.1. SETTINGS Format ....................................38
+ 6.5.2. Defined SETTINGS Parameters ........................38
+ 6.5.3. Settings Synchronization ...........................39
+ 6.6. PUSH_PROMISE ..............................................40
+ 6.7. PING ......................................................42
+ 6.8. GOAWAY ....................................................43
+ 6.9. WINDOW_UPDATE .............................................46
+ 6.9.1. The Flow-Control Window ............................47
+ 6.9.2. Initial Flow-Control Window Size ...................48
+ 6.9.3. Reducing the Stream Window Size ....................49
+ 6.10. CONTINUATION .............................................49
+ 7. Error Codes ....................................................50
+ 8. HTTP Message Exchanges .........................................51
+ 8.1. HTTP Request/Response Exchange ............................52
+ 8.1.1. Upgrading from HTTP/2 ..............................53
+ 8.1.2. HTTP Header Fields .................................53
+ 8.1.3. Examples ...........................................57
+ 8.1.4. Request Reliability Mechanisms in HTTP/2 ...........60
+ 8.2. Server Push ...............................................60
+ 8.2.1. Push Requests ......................................61
+ 8.2.2. Push Responses .....................................63
+ 8.3. The CONNECT Method ........................................64
+ 9. Additional HTTP Requirements/Considerations ....................65
+ 9.1. Connection Management .....................................65
+ 9.1.1. Connection Reuse ...................................66
+ 9.1.2. The 421 (Misdirected Request) Status Code ..........66
+ 9.2. Use of TLS Features .......................................67
+ 9.2.1. TLS 1.2 Features ...................................67
+ 9.2.2. TLS 1.2 Cipher Suites ..............................68
+ 10. Security Considerations .......................................69
+ 10.1. Server Authority .........................................69
+ 10.2. Cross-Protocol Attacks ...................................69
+ 10.3. Intermediary Encapsulation Attacks .......................70
+ 10.4. Cacheability of Pushed Responses .........................70
+ 10.5. Denial-of-Service Considerations .........................70
+ 10.5.1. Limits on Header Block Size .......................71
+ 10.5.2. CONNECT Issues ....................................72
+ 10.6. Use of Compression .......................................72
+ 10.7. Use of Padding ...........................................73
+ 10.8. Privacy Considerations ...................................73
+
+
+
+Belshe, et al. Standards Track [Page 3]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ 11. IANA Considerations ...........................................74
+ 11.1. Registration of HTTP/2 Identification Strings ............74
+ 11.2. Frame Type Registry ......................................75
+ 11.3. Settings Registry ........................................75
+ 11.4. Error Code Registry ......................................76
+ 11.5. HTTP2-Settings Header Field Registration .................77
+ 11.6. PRI Method Registration ..................................78
+ 11.7. The 421 (Misdirected Request) HTTP Status Code ...........78
+ 11.8. The h2c Upgrade Token ....................................78
+ 12. References ....................................................79
+ 12.1. Normative References .....................................79
+ 12.2. Informative References ...................................81
+ Appendix A. TLS 1.2 Cipher Suite Black List .......................83
+ Acknowledgements ..................................................95
+ Authors' Addresses ................................................96
+
+1. Introduction
+
+ The Hypertext Transfer Protocol (HTTP) is a wildly successful
+ protocol. However, the way HTTP/1.1 uses the underlying transport
+ ([RFC7230], Section 6) has several characteristics that have a
+ negative overall effect on application performance today.
+
+ In particular, HTTP/1.0 allowed only one request to be outstanding at
+ a time on a given TCP connection. HTTP/1.1 added request pipelining,
+ but this only partially addressed request concurrency and still
+ suffers from head-of-line blocking. Therefore, HTTP/1.0 and HTTP/1.1
+ clients that need to make many requests use multiple connections to a
+ server in order to achieve concurrency and thereby reduce latency.
+
+ Furthermore, HTTP header fields are often repetitive and verbose,
+ causing unnecessary network traffic as well as causing the initial
+ TCP [TCP] congestion window to quickly fill. This can result in
+ excessive latency when multiple requests are made on a new TCP
+ connection.
+
+ HTTP/2 addresses these issues by defining an optimized mapping of
+ HTTP's semantics to an underlying connection. Specifically, it
+ allows interleaving of request and response messages on the same
+ connection and uses an efficient coding for HTTP header fields. It
+ also allows prioritization of requests, letting more important
+ requests complete more quickly, further improving performance.
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 4]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ The resulting protocol is more friendly to the network because fewer
+ TCP connections can be used in comparison to HTTP/1.x. This means
+ less competition with other flows and longer-lived connections, which
+ in turn lead to better utilization of available network capacity.
+
+ Finally, HTTP/2 also enables more efficient processing of messages
+ through use of binary message framing.
+
+2. HTTP/2 Protocol Overview
+
+ HTTP/2 provides an optimized transport for HTTP semantics. HTTP/2
+ supports all of the core features of HTTP/1.1 but aims to be more
+ efficient in several ways.
+
+ The basic protocol unit in HTTP/2 is a frame (Section 4.1). Each
+ frame type serves a different purpose. For example, HEADERS and DATA
+ frames form the basis of HTTP requests and responses (Section 8.1);
+ other frame types like SETTINGS, WINDOW_UPDATE, and PUSH_PROMISE are
+ used in support of other HTTP/2 features.
+
+ Multiplexing of requests is achieved by having each HTTP request/
+ response exchange associated with its own stream (Section 5).
+ Streams are largely independent of each other, so a blocked or
+ stalled request or response does not prevent progress on other
+ streams.
+
+ Flow control and prioritization ensure that it is possible to
+ efficiently use multiplexed streams. Flow control (Section 5.2)
+ helps to ensure that only data that can be used by a receiver is
+ transmitted. Prioritization (Section 5.3) ensures that limited
+ resources can be directed to the most important streams first.
+
+ HTTP/2 adds a new interaction mode whereby a server can push
+ responses to a client (Section 8.2). Server push allows a server to
+ speculatively send data to a client that the server anticipates the
+ client will need, trading off some network usage against a potential
+ latency gain. The server does this by synthesizing a request, which
+ it sends as a PUSH_PROMISE frame. The server is then able to send a
+ response to the synthetic request on a separate stream.
+
+ Because HTTP header fields used in a connection can contain large
+ amounts of redundant data, frames that contain them are compressed
+ (Section 4.3). This has especially advantageous impact upon request
+ sizes in the common case, allowing many requests to be compressed
+ into one packet.
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 5]
+
+RFC 7540 HTTP/2 May 2015
+
+
+2.1. Document Organization
+
+ The HTTP/2 specification is split into four parts:
+
+ o Starting HTTP/2 (Section 3) covers how an HTTP/2 connection is
+ initiated.
+
+ o The frame (Section 4) and stream (Section 5) layers describe the
+ way HTTP/2 frames are structured and formed into multiplexed
+ streams.
+
+ o Frame (Section 6) and error (Section 7) definitions include
+ details of the frame and error types used in HTTP/2.
+
+ o HTTP mappings (Section 8) and additional requirements (Section 9)
+ describe how HTTP semantics are expressed using frames and
+ streams.
+
+ While some of the frame and stream layer concepts are isolated from
+ HTTP, this specification does not define a completely generic frame
+ layer. The frame and stream layers are tailored to the needs of the
+ HTTP protocol and server push.
+
+2.2. Conventions and Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC 2119 [RFC2119].
+
+ All numeric values are in network byte order. Values are unsigned
+ unless otherwise indicated. Literal values are provided in decimal
+ or hexadecimal as appropriate. Hexadecimal literals are prefixed
+ with "0x" to distinguish them from decimal literals.
+
+ The following terms are used:
+
+ client: The endpoint that initiates an HTTP/2 connection. Clients
+ send HTTP requests and receive HTTP responses.
+
+ connection: A transport-layer connection between two endpoints.
+
+ connection error: An error that affects the entire HTTP/2
+ connection.
+
+ endpoint: Either the client or server of the connection.
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 6]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ frame: The smallest unit of communication within an HTTP/2
+ connection, consisting of a header and a variable-length sequence
+ of octets structured according to the frame type.
+
+ peer: An endpoint. When discussing a particular endpoint, "peer"
+ refers to the endpoint that is remote to the primary subject of
+ discussion.
+
+ receiver: An endpoint that is receiving frames.
+
+ sender: An endpoint that is transmitting frames.
+
+ server: The endpoint that accepts an HTTP/2 connection. Servers
+ receive HTTP requests and send HTTP responses.
+
+ stream: A bidirectional flow of frames within the HTTP/2 connection.
+
+ stream error: An error on the individual HTTP/2 stream.
+
+ Finally, the terms "gateway", "intermediary", "proxy", and "tunnel"
+ are defined in Section 2.3 of [RFC7230]. Intermediaries act as both
+ client and server at different times.
+
+ The term "payload body" is defined in Section 3.3 of [RFC7230].
+
+3. Starting HTTP/2
+
+ An HTTP/2 connection is an application-layer protocol running on top
+ of a TCP connection ([TCP]). The client is the TCP connection
+ initiator.
+
+ HTTP/2 uses the same "http" and "https" URI schemes used by HTTP/1.1.
+ HTTP/2 shares the same default port numbers: 80 for "http" URIs and
+ 443 for "https" URIs. As a result, implementations processing
+ requests for target resource URIs like "http://example.org/foo" or
+ "https://example.com/bar" are required to first discover whether the
+ upstream server (the immediate peer to which the client wishes to
+ establish a connection) supports HTTP/2.
+
+ The means by which support for HTTP/2 is determined is different for
+ "http" and "https" URIs. Discovery for "http" URIs is described in
+ Section 3.2. Discovery for "https" URIs is described in Section 3.3.
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 7]
+
+RFC 7540 HTTP/2 May 2015
+
+
+3.1. HTTP/2 Version Identification
+
+ The protocol defined in this document has two identifiers.
+
+ o The string "h2" identifies the protocol where HTTP/2 uses
+ Transport Layer Security (TLS) [TLS12]. This identifier is used
+ in the TLS application-layer protocol negotiation (ALPN) extension
+ [TLS-ALPN] field and in any place where HTTP/2 over TLS is
+ identified.
+
+ The "h2" string is serialized into an ALPN protocol identifier as
+ the two-octet sequence: 0x68, 0x32.
+
+ o The string "h2c" identifies the protocol where HTTP/2 is run over
+ cleartext TCP. This identifier is used in the HTTP/1.1 Upgrade
+ header field and in any place where HTTP/2 over TCP is identified.
+
+ The "h2c" string is reserved from the ALPN identifier space but
+ describes a protocol that does not use TLS.
+
+ Negotiating "h2" or "h2c" implies the use of the transport, security,
+ framing, and message semantics described in this document.
+
+3.2. Starting HTTP/2 for "http" URIs
+
+ A client that makes a request for an "http" URI without prior
+ knowledge about support for HTTP/2 on the next hop uses the HTTP
+ Upgrade mechanism (Section 6.7 of [RFC7230]). The client does so by
+ making an HTTP/1.1 request that includes an Upgrade header field with
+ the "h2c" token. Such an HTTP/1.1 request MUST include exactly one
+ HTTP2-Settings (Section 3.2.1) header field.
+
+ For example:
+
+ GET / HTTP/1.1
+ Host: server.example.com
+ Connection: Upgrade, HTTP2-Settings
+ Upgrade: h2c
+ HTTP2-Settings: <base64url encoding of HTTP/2 SETTINGS payload>
+
+ Requests that contain a payload body MUST be sent in their entirety
+ before the client can send HTTP/2 frames. This means that a large
+ request can block the use of the connection until it is completely
+ sent.
+
+ If concurrency of an initial request with subsequent requests is
+ important, an OPTIONS request can be used to perform the upgrade to
+ HTTP/2, at the cost of an additional round trip.
+
+
+
+Belshe, et al. Standards Track [Page 8]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ A server that does not support HTTP/2 can respond to the request as
+ though the Upgrade header field were absent:
+
+ HTTP/1.1 200 OK
+ Content-Length: 243
+ Content-Type: text/html
+
+ ...
+
+ A server MUST ignore an "h2" token in an Upgrade header field.
+ Presence of a token with "h2" implies HTTP/2 over TLS, which is
+ instead negotiated as described in Section 3.3.
+
+ A server that supports HTTP/2 accepts the upgrade with a 101
+ (Switching Protocols) response. After the empty line that terminates
+ the 101 response, the server can begin sending HTTP/2 frames. These
+ frames MUST include a response to the request that initiated the
+ upgrade.
+
+ For example:
+
+ HTTP/1.1 101 Switching Protocols
+ Connection: Upgrade
+ Upgrade: h2c
+
+ [ HTTP/2 connection ...
+
+ The first HTTP/2 frame sent by the server MUST be a server connection
+ preface (Section 3.5) consisting of a SETTINGS frame (Section 6.5).
+ Upon receiving the 101 response, the client MUST send a connection
+ preface (Section 3.5), which includes a SETTINGS frame.
+
+ The HTTP/1.1 request that is sent prior to upgrade is assigned a
+ stream identifier of 1 (see Section 5.1.1) with default priority
+ values (Section 5.3.5). Stream 1 is implicitly "half-closed" from
+ the client toward the server (see Section 5.1), since the request is
+ completed as an HTTP/1.1 request. After commencing the HTTP/2
+ connection, stream 1 is used for the response.
+
+3.2.1. HTTP2-Settings Header Field
+
+ A request that upgrades from HTTP/1.1 to HTTP/2 MUST include exactly
+ one "HTTP2-Settings" header field. The HTTP2-Settings header field
+ is a connection-specific header field that includes parameters that
+ govern the HTTP/2 connection, provided in anticipation of the server
+ accepting the request to upgrade.
+
+ HTTP2-Settings = token68
+
+
+
+Belshe, et al. Standards Track [Page 9]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ A server MUST NOT upgrade the connection to HTTP/2 if this header
+ field is not present or if more than one is present. A server MUST
+ NOT send this header field.
+
+ The content of the HTTP2-Settings header field is the payload of a
+ SETTINGS frame (Section 6.5), encoded as a base64url string (that is,
+ the URL- and filename-safe Base64 encoding described in Section 5 of
+ [RFC4648], with any trailing '=' characters omitted). The ABNF
+ [RFC5234] production for "token68" is defined in Section 2.1 of
+ [RFC7235].
+
+ Since the upgrade is only intended to apply to the immediate
+ connection, a client sending the HTTP2-Settings header field MUST
+ also send "HTTP2-Settings" as a connection option in the Connection
+ header field to prevent it from being forwarded (see Section 6.1 of
+ [RFC7230]).
+
+ A server decodes and interprets these values as it would any other
+ SETTINGS frame. Explicit acknowledgement of these settings
+ (Section 6.5.3) is not necessary, since a 101 response serves as
+ implicit acknowledgement. Providing these values in the upgrade
+ request gives a client an opportunity to provide parameters prior to
+ receiving any frames from the server.
+
+3.3. Starting HTTP/2 for "https" URIs
+
+ A client that makes a request to an "https" URI uses TLS [TLS12] with
+ the application-layer protocol negotiation (ALPN) extension
+ [TLS-ALPN].
+
+ HTTP/2 over TLS uses the "h2" protocol identifier. The "h2c"
+ protocol identifier MUST NOT be sent by a client or selected by a
+ server; the "h2c" protocol identifier describes a protocol that does
+ not use TLS.
+
+ Once TLS negotiation is complete, both the client and the server MUST
+ send a connection preface (Section 3.5).
+
+3.4. Starting HTTP/2 with Prior Knowledge
+
+ A client can learn that a particular server supports HTTP/2 by other
+ means. For example, [ALT-SVC] describes a mechanism for advertising
+ this capability.
+
+ A client MUST send the connection preface (Section 3.5) and then MAY
+ immediately send HTTP/2 frames to such a server; servers can identify
+ these connections by the presence of the connection preface. This
+
+
+
+
+Belshe, et al. Standards Track [Page 10]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ only affects the establishment of HTTP/2 connections over cleartext
+ TCP; implementations that support HTTP/2 over TLS MUST use protocol
+ negotiation in TLS [TLS-ALPN].
+
+ Likewise, the server MUST send a connection preface (Section 3.5).
+
+ Without additional information, prior support for HTTP/2 is not a
+ strong signal that a given server will support HTTP/2 for future
+ connections. For example, it is possible for server configurations
+ to change, for configurations to differ between instances in
+ clustered servers, or for network conditions to change.
+
+3.5. HTTP/2 Connection Preface
+
+ In HTTP/2, each endpoint is required to send a connection preface as
+ a final confirmation of the protocol in use and to establish the
+ initial settings for the HTTP/2 connection. The client and server
+ each send a different connection preface.
+
+ The client connection preface starts with a sequence of 24 octets,
+ which in hex notation is:
+
+ 0x505249202a20485454502f322e300d0a0d0a534d0d0a0d0a
+
+ That is, the connection preface starts with the string "PRI *
+ HTTP/2.0\r\n\r\nSM\r\n\r\n"). This sequence MUST be followed by a
+ SETTINGS frame (Section 6.5), which MAY be empty. The client sends
+ the client connection preface immediately upon receipt of a 101
+ (Switching Protocols) response (indicating a successful upgrade) or
+ as the first application data octets of a TLS connection. If
+ starting an HTTP/2 connection with prior knowledge of server support
+ for the protocol, the client connection preface is sent upon
+ connection establishment.
+
+ Note: The client connection preface is selected so that a large
+ proportion of HTTP/1.1 or HTTP/1.0 servers and intermediaries do
+ not attempt to process further frames. Note that this does not
+ address the concerns raised in [TALKING].
+
+ The server connection preface consists of a potentially empty
+ SETTINGS frame (Section 6.5) that MUST be the first frame the server
+ sends in the HTTP/2 connection.
+
+ The SETTINGS frames received from a peer as part of the connection
+ preface MUST be acknowledged (see Section 6.5.3) after sending the
+ connection preface.
+
+
+
+
+
+Belshe, et al. Standards Track [Page 11]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ To avoid unnecessary latency, clients are permitted to send
+ additional frames to the server immediately after sending the client
+ connection preface, without waiting to receive the server connection
+ preface. It is important to note, however, that the server
+ connection preface SETTINGS frame might include parameters that
+ necessarily alter how a client is expected to communicate with the
+ server. Upon receiving the SETTINGS frame, the client is expected to
+ honor any parameters established. In some configurations, it is
+ possible for the server to transmit SETTINGS before the client sends
+ additional frames, providing an opportunity to avoid this issue.
+
+ Clients and servers MUST treat an invalid connection preface as a
+ connection error (Section 5.4.1) of type PROTOCOL_ERROR. A GOAWAY
+ frame (Section 6.8) MAY be omitted in this case, since an invalid
+ preface indicates that the peer is not using HTTP/2.
+
+4. HTTP Frames
+
+ Once the HTTP/2 connection is established, endpoints can begin
+ exchanging frames.
+
+4.1. Frame Format
+
+ All frames begin with a fixed 9-octet header followed by a variable-
+ length payload.
+
+ +-----------------------------------------------+
+ | Length (24) |
+ +---------------+---------------+---------------+
+ | Type (8) | Flags (8) |
+ +-+-------------+---------------+-------------------------------+
+ |R| Stream Identifier (31) |
+ +=+=============================================================+
+ | Frame Payload (0...) ...
+ +---------------------------------------------------------------+
+
+ Figure 1: Frame Layout
+
+ The fields of the frame header are defined as:
+
+ Length: The length of the frame payload expressed as an unsigned
+ 24-bit integer. Values greater than 2^14 (16,384) MUST NOT be
+ sent unless the receiver has set a larger value for
+ SETTINGS_MAX_FRAME_SIZE.
+
+ The 9 octets of the frame header are not included in this value.
+
+
+
+
+
+Belshe, et al. Standards Track [Page 12]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ Type: The 8-bit type of the frame. The frame type determines the
+ format and semantics of the frame. Implementations MUST ignore
+ and discard any frame that has a type that is unknown.
+
+ Flags: An 8-bit field reserved for boolean flags specific to the
+ frame type.
+
+ Flags are assigned semantics specific to the indicated frame type.
+ Flags that have no defined semantics for a particular frame type
+ MUST be ignored and MUST be left unset (0x0) when sending.
+
+ R: A reserved 1-bit field. The semantics of this bit are undefined,
+ and the bit MUST remain unset (0x0) when sending and MUST be
+ ignored when receiving.
+
+ Stream Identifier: A stream identifier (see Section 5.1.1) expressed
+ as an unsigned 31-bit integer. The value 0x0 is reserved for
+ frames that are associated with the connection as a whole as
+ opposed to an individual stream.
+
+ The structure and content of the frame payload is dependent entirely
+ on the frame type.
+
+4.2. Frame Size
+
+ The size of a frame payload is limited by the maximum size that a
+ receiver advertises in the SETTINGS_MAX_FRAME_SIZE setting. This
+ setting can have any value between 2^14 (16,384) and 2^24-1
+ (16,777,215) octets, inclusive.
+
+ All implementations MUST be capable of receiving and minimally
+ processing frames up to 2^14 octets in length, plus the 9-octet frame
+ header (Section 4.1). The size of the frame header is not included
+ when describing frame sizes.
+
+ Note: Certain frame types, such as PING (Section 6.7), impose
+ additional limits on the amount of payload data allowed.
+
+ An endpoint MUST send an error code of FRAME_SIZE_ERROR if a frame
+ exceeds the size defined in SETTINGS_MAX_FRAME_SIZE, exceeds any
+ limit defined for the frame type, or is too small to contain
+ mandatory frame data. A frame size error in a frame that could alter
+ the state of the entire connection MUST be treated as a connection
+ error (Section 5.4.1); this includes any frame carrying a header
+ block (Section 4.3) (that is, HEADERS, PUSH_PROMISE, and
+ CONTINUATION), SETTINGS, and any frame with a stream identifier of 0.
+
+
+
+
+
+Belshe, et al. Standards Track [Page 13]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ Endpoints are not obligated to use all available space in a frame.
+ Responsiveness can be improved by using frames that are smaller than
+ the permitted maximum size. Sending large frames can result in
+ delays in sending time-sensitive frames (such as RST_STREAM,
+ WINDOW_UPDATE, or PRIORITY), which, if blocked by the transmission of
+ a large frame, could affect performance.
+
+4.3. Header Compression and Decompression
+
+ Just as in HTTP/1, a header field in HTTP/2 is a name with one or
+ more associated values. Header fields are used within HTTP request
+ and response messages as well as in server push operations (see
+ Section 8.2).
+
+ Header lists are collections of zero or more header fields. When
+ transmitted over a connection, a header list is serialized into a
+ header block using HTTP header compression [COMPRESSION]. The
+ serialized header block is then divided into one or more octet
+ sequences, called header block fragments, and transmitted within the
+ payload of HEADERS (Section 6.2), PUSH_PROMISE (Section 6.6), or
+ CONTINUATION (Section 6.10) frames.
+
+ The Cookie header field [COOKIE] is treated specially by the HTTP
+ mapping (see Section 8.1.2.5).
+
+ A receiving endpoint reassembles the header block by concatenating
+ its fragments and then decompresses the block to reconstruct the
+ header list.
+
+ A complete header block consists of either:
+
+ o a single HEADERS or PUSH_PROMISE frame, with the END_HEADERS flag
+ set, or
+
+ o a HEADERS or PUSH_PROMISE frame with the END_HEADERS flag cleared
+ and one or more CONTINUATION frames, where the last CONTINUATION
+ frame has the END_HEADERS flag set.
+
+ Header compression is stateful. One compression context and one
+ decompression context are used for the entire connection. A decoding
+ error in a header block MUST be treated as a connection error
+ (Section 5.4.1) of type COMPRESSION_ERROR.
+
+ Each header block is processed as a discrete unit. Header blocks
+ MUST be transmitted as a contiguous sequence of frames, with no
+ interleaved frames of any other type or from any other stream. The
+ last frame in a sequence of HEADERS or CONTINUATION frames has the
+
+
+
+
+Belshe, et al. Standards Track [Page 14]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ END_HEADERS flag set. The last frame in a sequence of PUSH_PROMISE
+ or CONTINUATION frames has the END_HEADERS flag set. This allows a
+ header block to be logically equivalent to a single frame.
+
+ Header block fragments can only be sent as the payload of HEADERS,
+ PUSH_PROMISE, or CONTINUATION frames because these frames carry data
+ that can modify the compression context maintained by a receiver. An
+ endpoint receiving HEADERS, PUSH_PROMISE, or CONTINUATION frames
+ needs to reassemble header blocks and perform decompression even if
+ the frames are to be discarded. A receiver MUST terminate the
+ connection with a connection error (Section 5.4.1) of type
+ COMPRESSION_ERROR if it does not decompress a header block.
+
+5. Streams and Multiplexing
+
+ A "stream" is an independent, bidirectional sequence of frames
+ exchanged between the client and server within an HTTP/2 connection.
+ Streams have several important characteristics:
+
+ o A single HTTP/2 connection can contain multiple concurrently open
+ streams, with either endpoint interleaving frames from multiple
+ streams.
+
+ o Streams can be established and used unilaterally or shared by
+ either the client or server.
+
+ o Streams can be closed by either endpoint.
+
+ o The order in which frames are sent on a stream is significant.
+ Recipients process frames in the order they are received. In
+ particular, the order of HEADERS and DATA frames is semantically
+ significant.
+
+ o Streams are identified by an integer. Stream identifiers are
+ assigned to streams by the endpoint initiating the stream.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 15]
+
+RFC 7540 HTTP/2 May 2015
+
+
+5.1. Stream States
+
+ The lifecycle of a stream is shown in Figure 2.
+
+ +--------+
+ send PP | | recv PP
+ ,--------| idle |--------.
+ / | | \
+ v +--------+ v
+ +----------+ | +----------+
+ | | | send H / | |
+ ,------| reserved | | recv H | reserved |------.
+ | | (local) | | | (remote) | |
+ | +----------+ v +----------+ |
+ | | +--------+ | |
+ | | recv ES | | send ES | |
+ | send H | ,-------| open |-------. | recv H |
+ | | / | | \ | |
+ | v v +--------+ v v |
+ | +----------+ | +----------+ |
+ | | half | | | half | |
+ | | closed | | send R / | closed | |
+ | | (remote) | | recv R | (local) | |
+ | +----------+ | +----------+ |
+ | | | | |
+ | | send ES / | recv ES / | |
+ | | send R / v send R / | |
+ | | recv R +--------+ recv R | |
+ | send R / `----------->| |<-----------' send R / |
+ | recv R | closed | recv R |
+ `----------------------->| |<----------------------'
+ +--------+
+
+ send: endpoint sends this frame
+ recv: endpoint receives this frame
+
+ H: HEADERS frame (with implied CONTINUATIONs)
+ PP: PUSH_PROMISE frame (with implied CONTINUATIONs)
+ ES: END_STREAM flag
+ R: RST_STREAM frame
+
+ Figure 2: Stream States
+
+ Note that this diagram shows stream state transitions and the frames
+ and flags that affect those transitions only. In this regard,
+ CONTINUATION frames do not result in state transitions; they are
+ effectively part of the HEADERS or PUSH_PROMISE that they follow.
+
+
+
+
+Belshe, et al. Standards Track [Page 16]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ For the purpose of state transitions, the END_STREAM flag is
+ processed as a separate event to the frame that bears it; a HEADERS
+ frame with the END_STREAM flag set can cause two state transitions.
+
+ Both endpoints have a subjective view of the state of a stream that
+ could be different when frames are in transit. Endpoints do not
+ coordinate the creation of streams; they are created unilaterally by
+ either endpoint. The negative consequences of a mismatch in states
+ are limited to the "closed" state after sending RST_STREAM, where
+ frames might be received for some time after closing.
+
+ Streams have the following states:
+
+ idle:
+ All streams start in the "idle" state.
+
+ The following transitions are valid from this state:
+
+ * Sending or receiving a HEADERS frame causes the stream to
+ become "open". The stream identifier is selected as described
+ in Section 5.1.1. The same HEADERS frame can also cause a
+ stream to immediately become "half-closed".
+
+ * Sending a PUSH_PROMISE frame on another stream reserves the
+ idle stream that is identified for later use. The stream state
+ for the reserved stream transitions to "reserved (local)".
+
+ * Receiving a PUSH_PROMISE frame on another stream reserves an
+ idle stream that is identified for later use. The stream state
+ for the reserved stream transitions to "reserved (remote)".
+
+ * Note that the PUSH_PROMISE frame is not sent on the idle stream
+ but references the newly reserved stream in the Promised Stream
+ ID field.
+
+ Receiving any frame other than HEADERS or PRIORITY on a stream in
+ this state MUST be treated as a connection error (Section 5.4.1)
+ of type PROTOCOL_ERROR.
+
+ reserved (local):
+ A stream in the "reserved (local)" state is one that has been
+ promised by sending a PUSH_PROMISE frame. A PUSH_PROMISE frame
+ reserves an idle stream by associating the stream with an open
+ stream that was initiated by the remote peer (see Section 8.2).
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 17]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ In this state, only the following transitions are possible:
+
+ * The endpoint can send a HEADERS frame. This causes the stream
+ to open in a "half-closed (remote)" state.
+
+ * Either endpoint can send a RST_STREAM frame to cause the stream
+ to become "closed". This releases the stream reservation.
+
+
+ An endpoint MUST NOT send any type of frame other than HEADERS,
+ RST_STREAM, or PRIORITY in this state.
+
+ A PRIORITY or WINDOW_UPDATE frame MAY be received in this state.
+ Receiving any type of frame other than RST_STREAM, PRIORITY, or
+ WINDOW_UPDATE on a stream in this state MUST be treated as a
+ connection error (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ reserved (remote):
+ A stream in the "reserved (remote)" state has been reserved by a
+ remote peer.
+
+ In this state, only the following transitions are possible:
+
+ * Receiving a HEADERS frame causes the stream to transition to
+ "half-closed (local)".
+
+ * Either endpoint can send a RST_STREAM frame to cause the stream
+ to become "closed". This releases the stream reservation.
+
+ An endpoint MAY send a PRIORITY frame in this state to
+ reprioritize the reserved stream. An endpoint MUST NOT send any
+ type of frame other than RST_STREAM, WINDOW_UPDATE, or PRIORITY in
+ this state.
+
+ Receiving any type of frame other than HEADERS, RST_STREAM, or
+ PRIORITY on a stream in this state MUST be treated as a connection
+ error (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ open:
+ A stream in the "open" state may be used by both peers to send
+ frames of any type. In this state, sending peers observe
+ advertised stream-level flow-control limits (Section 5.2).
+
+ From this state, either endpoint can send a frame with an
+ END_STREAM flag set, which causes the stream to transition into
+ one of the "half-closed" states. An endpoint sending an
+
+
+
+
+
+Belshe, et al. Standards Track [Page 18]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ END_STREAM flag causes the stream state to become "half-closed
+ (local)"; an endpoint receiving an END_STREAM flag causes the
+ stream state to become "half-closed (remote)".
+
+ Either endpoint can send a RST_STREAM frame from this state,
+ causing it to transition immediately to "closed".
+
+ half-closed (local):
+ A stream that is in the "half-closed (local)" state cannot be used
+ for sending frames other than WINDOW_UPDATE, PRIORITY, and
+ RST_STREAM.
+
+ A stream transitions from this state to "closed" when a frame that
+ contains an END_STREAM flag is received or when either peer sends
+ a RST_STREAM frame.
+
+ An endpoint can receive any type of frame in this state.
+ Providing flow-control credit using WINDOW_UPDATE frames is
+ necessary to continue receiving flow-controlled frames. In this
+ state, a receiver can ignore WINDOW_UPDATE frames, which might
+ arrive for a short period after a frame bearing the END_STREAM
+ flag is sent.
+
+ PRIORITY frames received in this state are used to reprioritize
+ streams that depend on the identified stream.
+
+ half-closed (remote):
+ A stream that is "half-closed (remote)" is no longer being used by
+ the peer to send frames. In this state, an endpoint is no longer
+ obligated to maintain a receiver flow-control window.
+
+ If an endpoint receives additional frames, other than
+ WINDOW_UPDATE, PRIORITY, or RST_STREAM, for a stream that is in
+ this state, it MUST respond with a stream error (Section 5.4.2) of
+ type STREAM_CLOSED.
+
+ A stream that is "half-closed (remote)" can be used by the
+ endpoint to send frames of any type. In this state, the endpoint
+ continues to observe advertised stream-level flow-control limits
+ (Section 5.2).
+
+ A stream can transition from this state to "closed" by sending a
+ frame that contains an END_STREAM flag or when either peer sends a
+ RST_STREAM frame.
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 19]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ closed:
+ The "closed" state is the terminal state.
+
+ An endpoint MUST NOT send frames other than PRIORITY on a closed
+ stream. An endpoint that receives any frame other than PRIORITY
+ after receiving a RST_STREAM MUST treat that as a stream error
+ (Section 5.4.2) of type STREAM_CLOSED. Similarly, an endpoint
+ that receives any frames after receiving a frame with the
+ END_STREAM flag set MUST treat that as a connection error
+ (Section 5.4.1) of type STREAM_CLOSED, unless the frame is
+ permitted as described below.
+
+ WINDOW_UPDATE or RST_STREAM frames can be received in this state
+ for a short period after a DATA or HEADERS frame containing an
+ END_STREAM flag is sent. Until the remote peer receives and
+ processes RST_STREAM or the frame bearing the END_STREAM flag, it
+ might send frames of these types. Endpoints MUST ignore
+ WINDOW_UPDATE or RST_STREAM frames received in this state, though
+ endpoints MAY choose to treat frames that arrive a significant
+ time after sending END_STREAM as a connection error
+ (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ PRIORITY frames can be sent on closed streams to prioritize
+ streams that are dependent on the closed stream. Endpoints SHOULD
+ process PRIORITY frames, though they can be ignored if the stream
+ has been removed from the dependency tree (see Section 5.3.4).
+
+ If this state is reached as a result of sending a RST_STREAM
+ frame, the peer that receives the RST_STREAM might have already
+ sent -- or enqueued for sending -- frames on the stream that
+ cannot be withdrawn. An endpoint MUST ignore frames that it
+ receives on closed streams after it has sent a RST_STREAM frame.
+ An endpoint MAY choose to limit the period over which it ignores
+ frames and treat frames that arrive after this time as being in
+ error.
+
+ Flow-controlled frames (i.e., DATA) received after sending
+ RST_STREAM are counted toward the connection flow-control window.
+ Even though these frames might be ignored, because they are sent
+ before the sender receives the RST_STREAM, the sender will
+ consider the frames to count against the flow-control window.
+
+ An endpoint might receive a PUSH_PROMISE frame after it sends
+ RST_STREAM. PUSH_PROMISE causes a stream to become "reserved"
+ even if the associated stream has been reset. Therefore, a
+ RST_STREAM is needed to close an unwanted promised stream.
+
+
+
+
+
+Belshe, et al. Standards Track [Page 20]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ In the absence of more specific guidance elsewhere in this document,
+ implementations SHOULD treat the receipt of a frame that is not
+ expressly permitted in the description of a state as a connection
+ error (Section 5.4.1) of type PROTOCOL_ERROR. Note that PRIORITY can
+ be sent and received in any stream state. Frames of unknown types
+ are ignored.
+
+ An example of the state transitions for an HTTP request/response
+ exchange can be found in Section 8.1. An example of the state
+ transitions for server push can be found in Sections 8.2.1 and 8.2.2.
+
+5.1.1. Stream Identifiers
+
+ Streams are identified with an unsigned 31-bit integer. Streams
+ initiated by a client MUST use odd-numbered stream identifiers; those
+ initiated by the server MUST use even-numbered stream identifiers. A
+ stream identifier of zero (0x0) is used for connection control
+ messages; the stream identifier of zero cannot be used to establish a
+ new stream.
+
+ HTTP/1.1 requests that are upgraded to HTTP/2 (see Section 3.2) are
+ responded to with a stream identifier of one (0x1). After the
+ upgrade completes, stream 0x1 is "half-closed (local)" to the client.
+ Therefore, stream 0x1 cannot be selected as a new stream identifier
+ by a client that upgrades from HTTP/1.1.
+
+ The identifier of a newly established stream MUST be numerically
+ greater than all streams that the initiating endpoint has opened or
+ reserved. This governs streams that are opened using a HEADERS frame
+ and streams that are reserved using PUSH_PROMISE. An endpoint that
+ receives an unexpected stream identifier MUST respond with a
+ connection error (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ The first use of a new stream identifier implicitly closes all
+ streams in the "idle" state that might have been initiated by that
+ peer with a lower-valued stream identifier. For example, if a client
+ sends a HEADERS frame on stream 7 without ever sending a frame on
+ stream 5, then stream 5 transitions to the "closed" state when the
+ first frame for stream 7 is sent or received.
+
+ Stream identifiers cannot be reused. Long-lived connections can
+ result in an endpoint exhausting the available range of stream
+ identifiers. A client that is unable to establish a new stream
+ identifier can establish a new connection for new streams. A server
+ that is unable to establish a new stream identifier can send a GOAWAY
+ frame so that the client is forced to open a new connection for new
+ streams.
+
+
+
+
+Belshe, et al. Standards Track [Page 21]
+
+RFC 7540 HTTP/2 May 2015
+
+
+5.1.2. Stream Concurrency
+
+ A peer can limit the number of concurrently active streams using the
+ SETTINGS_MAX_CONCURRENT_STREAMS parameter (see Section 6.5.2) within
+ a SETTINGS frame. The maximum concurrent streams setting is specific
+ to each endpoint and applies only to the peer that receives the
+ setting. That is, clients specify the maximum number of concurrent
+ streams the server can initiate, and servers specify the maximum
+ number of concurrent streams the client can initiate.
+
+ Streams that are in the "open" state or in either of the "half-
+ closed" states count toward the maximum number of streams that an
+ endpoint is permitted to open. Streams in any of these three states
+ count toward the limit advertised in the
+ SETTINGS_MAX_CONCURRENT_STREAMS setting. Streams in either of the
+ "reserved" states do not count toward the stream limit.
+
+ Endpoints MUST NOT exceed the limit set by their peer. An endpoint
+ that receives a HEADERS frame that causes its advertised concurrent
+ stream limit to be exceeded MUST treat this as a stream error
+ (Section 5.4.2) of type PROTOCOL_ERROR or REFUSED_STREAM. The choice
+ of error code determines whether the endpoint wishes to enable
+ automatic retry (see Section 8.1.4) for details).
+
+ An endpoint that wishes to reduce the value of
+ SETTINGS_MAX_CONCURRENT_STREAMS to a value that is below the current
+ number of open streams can either close streams that exceed the new
+ value or allow streams to complete.
+
+5.2. Flow Control
+
+ Using streams for multiplexing introduces contention over use of the
+ TCP connection, resulting in blocked streams. A flow-control scheme
+ ensures that streams on the same connection do not destructively
+ interfere with each other. Flow control is used for both individual
+ streams and for the connection as a whole.
+
+ HTTP/2 provides for flow control through use of the WINDOW_UPDATE
+ frame (Section 6.9).
+
+
+
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 22]
+
+RFC 7540 HTTP/2 May 2015
+
+
+5.2.1. Flow-Control Principles
+
+ HTTP/2 stream flow control aims to allow a variety of flow-control
+ algorithms to be used without requiring protocol changes. Flow
+ control in HTTP/2 has the following characteristics:
+
+ 1. Flow control is specific to a connection. Both types of flow
+ control are between the endpoints of a single hop and not over
+ the entire end-to-end path.
+
+ 2. Flow control is based on WINDOW_UPDATE frames. Receivers
+ advertise how many octets they are prepared to receive on a
+ stream and for the entire connection. This is a credit-based
+ scheme.
+
+ 3. Flow control is directional with overall control provided by the
+ receiver. A receiver MAY choose to set any window size that it
+ desires for each stream and for the entire connection. A sender
+ MUST respect flow-control limits imposed by a receiver. Clients,
+ servers, and intermediaries all independently advertise their
+ flow-control window as a receiver and abide by the flow-control
+ limits set by their peer when sending.
+
+ 4. The initial value for the flow-control window is 65,535 octets
+ for both new streams and the overall connection.
+
+ 5. The frame type determines whether flow control applies to a
+ frame. Of the frames specified in this document, only DATA
+ frames are subject to flow control; all other frame types do not
+ consume space in the advertised flow-control window. This
+ ensures that important control frames are not blocked by flow
+ control.
+
+ 6. Flow control cannot be disabled.
+
+ 7. HTTP/2 defines only the format and semantics of the WINDOW_UPDATE
+ frame (Section 6.9). This document does not stipulate how a
+ receiver decides when to send this frame or the value that it
+ sends, nor does it specify how a sender chooses to send packets.
+ Implementations are able to select any algorithm that suits their
+ needs.
+
+ Implementations are also responsible for managing how requests and
+ responses are sent based on priority, choosing how to avoid head-of-
+ line blocking for requests, and managing the creation of new streams.
+ Algorithm choices for these could interact with any flow-control
+ algorithm.
+
+
+
+
+Belshe, et al. Standards Track [Page 23]
+
+RFC 7540 HTTP/2 May 2015
+
+
+5.2.2. Appropriate Use of Flow Control
+
+ Flow control is defined to protect endpoints that are operating under
+ resource constraints. For example, a proxy needs to share memory
+ between many connections and also might have a slow upstream
+ connection and a fast downstream one. Flow-control addresses cases
+ where the receiver is unable to process data on one stream yet wants
+ to continue to process other streams in the same connection.
+
+ Deployments that do not require this capability can advertise a flow-
+ control window of the maximum size (2^31-1) and can maintain this
+ window by sending a WINDOW_UPDATE frame when any data is received.
+ This effectively disables flow control for that receiver.
+ Conversely, a sender is always subject to the flow-control window
+ advertised by the receiver.
+
+ Deployments with constrained resources (for example, memory) can
+ employ flow control to limit the amount of memory a peer can consume.
+ Note, however, that this can lead to suboptimal use of available
+ network resources if flow control is enabled without knowledge of the
+ bandwidth-delay product (see [RFC7323]).
+
+ Even with full awareness of the current bandwidth-delay product,
+ implementation of flow control can be difficult. When using flow
+ control, the receiver MUST read from the TCP receive buffer in a
+ timely fashion. Failure to do so could lead to a deadlock when
+ critical frames, such as WINDOW_UPDATE, are not read and acted upon.
+
+5.3. Stream Priority
+
+ A client can assign a priority for a new stream by including
+ prioritization information in the HEADERS frame (Section 6.2) that
+ opens the stream. At any other time, the PRIORITY frame
+ (Section 6.3) can be used to change the priority of a stream.
+
+ The purpose of prioritization is to allow an endpoint to express how
+ it would prefer its peer to allocate resources when managing
+ concurrent streams. Most importantly, priority can be used to select
+ streams for transmitting frames when there is limited capacity for
+ sending.
+
+ Streams can be prioritized by marking them as dependent on the
+ completion of other streams (Section 5.3.1). Each dependency is
+ assigned a relative weight, a number that is used to determine the
+ relative proportion of available resources that are assigned to
+ streams dependent on the same stream.
+
+
+
+
+
+Belshe, et al. Standards Track [Page 24]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ Explicitly setting the priority for a stream is input to a
+ prioritization process. It does not guarantee any particular
+ processing or transmission order for the stream relative to any other
+ stream. An endpoint cannot force a peer to process concurrent
+ streams in a particular order using priority. Expressing priority is
+ therefore only a suggestion.
+
+ Prioritization information can be omitted from messages. Defaults
+ are used prior to any explicit values being provided (Section 5.3.5).
+
+5.3.1. Stream Dependencies
+
+ Each stream can be given an explicit dependency on another stream.
+ Including a dependency expresses a preference to allocate resources
+ to the identified stream rather than to the dependent stream.
+
+ A stream that is not dependent on any other stream is given a stream
+ dependency of 0x0. In other words, the non-existent stream 0 forms
+ the root of the tree.
+
+ A stream that depends on another stream is a dependent stream. The
+ stream upon which a stream is dependent is a parent stream. A
+ dependency on a stream that is not currently in the tree -- such as a
+ stream in the "idle" state -- results in that stream being given a
+ default priority (Section 5.3.5).
+
+ When assigning a dependency on another stream, the stream is added as
+ a new dependency of the parent stream. Dependent streams that share
+ the same parent are not ordered with respect to each other. For
+ example, if streams B and C are dependent on stream A, and if stream
+ D is created with a dependency on stream A, this results in a
+ dependency order of A followed by B, C, and D in any order.
+
+ A A
+ / \ ==> /|\
+ B C B D C
+
+ Figure 3: Example of Default Dependency Creation
+
+ An exclusive flag allows for the insertion of a new level of
+ dependencies. The exclusive flag causes the stream to become the
+ sole dependency of its parent stream, causing other dependencies to
+ become dependent on the exclusive stream. In the previous example,
+ if stream D is created with an exclusive dependency on stream A, this
+ results in D becoming the dependency parent of B and C.
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 25]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ A
+ A |
+ / \ ==> D
+ B C / \
+ B C
+
+ Figure 4: Example of Exclusive Dependency Creation
+
+ Inside the dependency tree, a dependent stream SHOULD only be
+ allocated resources if either all of the streams that it depends on
+ (the chain of parent streams up to 0x0) are closed or it is not
+ possible to make progress on them.
+
+ A stream cannot depend on itself. An endpoint MUST treat this as a
+ stream error (Section 5.4.2) of type PROTOCOL_ERROR.
+
+5.3.2. Dependency Weighting
+
+ All dependent streams are allocated an integer weight between 1 and
+ 256 (inclusive).
+
+ Streams with the same parent SHOULD be allocated resources
+ proportionally based on their weight. Thus, if stream B depends on
+ stream A with weight 4, stream C depends on stream A with weight 12,
+ and no progress can be made on stream A, stream B ideally receives
+ one-third of the resources allocated to stream C.
+
+5.3.3. Reprioritization
+
+ Stream priorities are changed using the PRIORITY frame. Setting a
+ dependency causes a stream to become dependent on the identified
+ parent stream.
+
+ Dependent streams move with their parent stream if the parent is
+ reprioritized. Setting a dependency with the exclusive flag for a
+ reprioritized stream causes all the dependencies of the new parent
+ stream to become dependent on the reprioritized stream.
+
+ If a stream is made dependent on one of its own dependencies, the
+ formerly dependent stream is first moved to be dependent on the
+ reprioritized stream's previous parent. The moved dependency retains
+ its weight.
+
+ For example, consider an original dependency tree where B and C
+ depend on A, D and E depend on C, and F depends on D. If A is made
+ dependent on D, then D takes the place of A. All other dependency
+ relationships stay the same, except for F, which becomes dependent on
+ A if the reprioritization is exclusive.
+
+
+
+Belshe, et al. Standards Track [Page 26]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ x x x x
+ | / \ | |
+ A D A D D
+ / \ / / \ / \ |
+ B C ==> F B C ==> F A OR A
+ / \ | / \ /|\
+ D E E B C B C F
+ | | |
+ F E E
+ (intermediate) (non-exclusive) (exclusive)
+
+ Figure 5: Example of Dependency Reordering
+
+5.3.4. Prioritization State Management
+
+ When a stream is removed from the dependency tree, its dependencies
+ can be moved to become dependent on the parent of the closed stream.
+ The weights of new dependencies are recalculated by distributing the
+ weight of the dependency of the closed stream proportionally based on
+ the weights of its dependencies.
+
+ Streams that are removed from the dependency tree cause some
+ prioritization information to be lost. Resources are shared between
+ streams with the same parent stream, which means that if a stream in
+ that set closes or becomes blocked, any spare capacity allocated to a
+ stream is distributed to the immediate neighbors of the stream.
+ However, if the common dependency is removed from the tree, those
+ streams share resources with streams at the next highest level.
+
+ For example, assume streams A and B share a parent, and streams C and
+ D both depend on stream A. Prior to the removal of stream A, if
+ streams A and D are unable to proceed, then stream C receives all the
+ resources dedicated to stream A. If stream A is removed from the
+ tree, the weight of stream A is divided between streams C and D. If
+ stream D is still unable to proceed, this results in stream C
+ receiving a reduced proportion of resources. For equal starting
+ weights, C receives one third, rather than one half, of available
+ resources.
+
+ It is possible for a stream to become closed while prioritization
+ information that creates a dependency on that stream is in transit.
+ If a stream identified in a dependency has no associated priority
+ information, then the dependent stream is instead assigned a default
+ priority (Section 5.3.5). This potentially creates suboptimal
+ prioritization, since the stream could be given a priority that is
+ different from what is intended.
+
+
+
+
+
+Belshe, et al. Standards Track [Page 27]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ To avoid these problems, an endpoint SHOULD retain stream
+ prioritization state for a period after streams become closed. The
+ longer state is retained, the lower the chance that streams are
+ assigned incorrect or default priority values.
+
+ Similarly, streams that are in the "idle" state can be assigned
+ priority or become a parent of other streams. This allows for the
+ creation of a grouping node in the dependency tree, which enables
+ more flexible expressions of priority. Idle streams begin with a
+ default priority (Section 5.3.5).
+
+ The retention of priority information for streams that are not
+ counted toward the limit set by SETTINGS_MAX_CONCURRENT_STREAMS could
+ create a large state burden for an endpoint. Therefore, the amount
+ of prioritization state that is retained MAY be limited.
+
+ The amount of additional state an endpoint maintains for
+ prioritization could be dependent on load; under high load,
+ prioritization state can be discarded to limit resource commitments.
+ In extreme cases, an endpoint could even discard prioritization state
+ for active or reserved streams. If a limit is applied, endpoints
+ SHOULD maintain state for at least as many streams as allowed by
+ their setting for SETTINGS_MAX_CONCURRENT_STREAMS. Implementations
+ SHOULD also attempt to retain state for streams that are in active
+ use in the priority tree.
+
+ If it has retained enough state to do so, an endpoint receiving a
+ PRIORITY frame that changes the priority of a closed stream SHOULD
+ alter the dependencies of the streams that depend on it.
+
+5.3.5. Default Priorities
+
+ All streams are initially assigned a non-exclusive dependency on
+ stream 0x0. Pushed streams (Section 8.2) initially depend on their
+ associated stream. In both cases, streams are assigned a default
+ weight of 16.
+
+5.4. Error Handling
+
+ HTTP/2 framing permits two classes of error:
+
+ o An error condition that renders the entire connection unusable is
+ a connection error.
+
+ o An error in an individual stream is a stream error.
+
+ A list of error codes is included in Section 7.
+
+
+
+
+Belshe, et al. Standards Track [Page 28]
+
+RFC 7540 HTTP/2 May 2015
+
+
+5.4.1. Connection Error Handling
+
+ A connection error is any error that prevents further processing of
+ the frame layer or corrupts any connection state.
+
+ An endpoint that encounters a connection error SHOULD first send a
+ GOAWAY frame (Section 6.8) with the stream identifier of the last
+ stream that it successfully received from its peer. The GOAWAY frame
+ includes an error code that indicates why the connection is
+ terminating. After sending the GOAWAY frame for an error condition,
+ the endpoint MUST close the TCP connection.
+
+ It is possible that the GOAWAY will not be reliably received by the
+ receiving endpoint ([RFC7230], Section 6.6 describes how an immediate
+ connection close can result in data loss). In the event of a
+ connection error, GOAWAY only provides a best-effort attempt to
+ communicate with the peer about why the connection is being
+ terminated.
+
+ An endpoint can end a connection at any time. In particular, an
+ endpoint MAY choose to treat a stream error as a connection error.
+ Endpoints SHOULD send a GOAWAY frame when ending a connection,
+ providing that circumstances permit it.
+
+5.4.2. Stream Error Handling
+
+ A stream error is an error related to a specific stream that does not
+ affect processing of other streams.
+
+ An endpoint that detects a stream error sends a RST_STREAM frame
+ (Section 6.4) that contains the stream identifier of the stream where
+ the error occurred. The RST_STREAM frame includes an error code that
+ indicates the type of error.
+
+ A RST_STREAM is the last frame that an endpoint can send on a stream.
+ The peer that sends the RST_STREAM frame MUST be prepared to receive
+ any frames that were sent or enqueued for sending by the remote peer.
+ These frames can be ignored, except where they modify connection
+ state (such as the state maintained for header compression
+ (Section 4.3) or flow control).
+
+ Normally, an endpoint SHOULD NOT send more than one RST_STREAM frame
+ for any stream. However, an endpoint MAY send additional RST_STREAM
+ frames if it receives frames on a closed stream after more than a
+ round-trip time. This behavior is permitted to deal with misbehaving
+ implementations.
+
+
+
+
+
+Belshe, et al. Standards Track [Page 29]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ To avoid looping, an endpoint MUST NOT send a RST_STREAM in response
+ to a RST_STREAM frame.
+
+5.4.3. Connection Termination
+
+ If the TCP connection is closed or reset while streams remain in
+ "open" or "half-closed" state, then the affected streams cannot be
+ automatically retried (see Section 8.1.4 for details).
+
+5.5. Extending HTTP/2
+
+ HTTP/2 permits extension of the protocol. Within the limitations
+ described in this section, protocol extensions can be used to provide
+ additional services or alter any aspect of the protocol. Extensions
+ are effective only within the scope of a single HTTP/2 connection.
+
+ This applies to the protocol elements defined in this document. This
+ does not affect the existing options for extending HTTP, such as
+ defining new methods, status codes, or header fields.
+
+ Extensions are permitted to use new frame types (Section 4.1), new
+ settings (Section 6.5.2), or new error codes (Section 7). Registries
+ are established for managing these extension points: frame types
+ (Section 11.2), settings (Section 11.3), and error codes
+ (Section 11.4).
+
+ Implementations MUST ignore unknown or unsupported values in all
+ extensible protocol elements. Implementations MUST discard frames
+ that have unknown or unsupported types. This means that any of these
+ extension points can be safely used by extensions without prior
+ arrangement or negotiation. However, extension frames that appear in
+ the middle of a header block (Section 4.3) are not permitted; these
+ MUST be treated as a connection error (Section 5.4.1) of type
+ PROTOCOL_ERROR.
+
+ Extensions that could change the semantics of existing protocol
+ components MUST be negotiated before being used. For example, an
+ extension that changes the layout of the HEADERS frame cannot be used
+ until the peer has given a positive signal that this is acceptable.
+ In this case, it could also be necessary to coordinate when the
+ revised layout comes into effect. Note that treating any frames
+ other than DATA frames as flow controlled is such a change in
+ semantics and can only be done through negotiation.
+
+ This document doesn't mandate a specific method for negotiating the
+ use of an extension but notes that a setting (Section 6.5.2) could be
+ used for that purpose. If both peers set a value that indicates
+ willingness to use the extension, then the extension can be used. If
+
+
+
+Belshe, et al. Standards Track [Page 30]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ a setting is used for extension negotiation, the initial value MUST
+ be defined in such a fashion that the extension is initially
+ disabled.
+
+6. Frame Definitions
+
+ This specification defines a number of frame types, each identified
+ by a unique 8-bit type code. Each frame type serves a distinct
+ purpose in the establishment and management either of the connection
+ as a whole or of individual streams.
+
+ The transmission of specific frame types can alter the state of a
+ connection. If endpoints fail to maintain a synchronized view of the
+ connection state, successful communication within the connection will
+ no longer be possible. Therefore, it is important that endpoints
+ have a shared comprehension of how the state is affected by the use
+ any given frame.
+
+6.1. DATA
+
+ DATA frames (type=0x0) convey arbitrary, variable-length sequences of
+ octets associated with a stream. One or more DATA frames are used,
+ for instance, to carry HTTP request or response payloads.
+
+ DATA frames MAY also contain padding. Padding can be added to DATA
+ frames to obscure the size of messages. Padding is a security
+ feature; see Section 10.7.
+
+ +---------------+
+ |Pad Length? (8)|
+ +---------------+-----------------------------------------------+
+ | Data (*) ...
+ +---------------------------------------------------------------+
+ | Padding (*) ...
+ +---------------------------------------------------------------+
+
+ Figure 6: DATA Frame Payload
+
+ The DATA frame contains the following fields:
+
+ Pad Length: An 8-bit field containing the length of the frame
+ padding in units of octets. This field is conditional (as
+ signified by a "?" in the diagram) and is only present if the
+ PADDED flag is set.
+
+ Data: Application data. The amount of data is the remainder of the
+ frame payload after subtracting the length of the other fields
+ that are present.
+
+
+
+Belshe, et al. Standards Track [Page 31]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ Padding: Padding octets that contain no application semantic value.
+ Padding octets MUST be set to zero when sending. A receiver is
+ not obligated to verify padding but MAY treat non-zero padding as
+ a connection error (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ The DATA frame defines the following flags:
+
+ END_STREAM (0x1): When set, bit 0 indicates that this frame is the
+ last that the endpoint will send for the identified stream.
+ Setting this flag causes the stream to enter one of the "half-
+ closed" states or the "closed" state (Section 5.1).
+
+ PADDED (0x8): When set, bit 3 indicates that the Pad Length field
+ and any padding that it describes are present.
+
+ DATA frames MUST be associated with a stream. If a DATA frame is
+ received whose stream identifier field is 0x0, the recipient MUST
+ respond with a connection error (Section 5.4.1) of type
+ PROTOCOL_ERROR.
+
+ DATA frames are subject to flow control and can only be sent when a
+ stream is in the "open" or "half-closed (remote)" state. The entire
+ DATA frame payload is included in flow control, including the Pad
+ Length and Padding fields if present. If a DATA frame is received
+ whose stream is not in "open" or "half-closed (local)" state, the
+ recipient MUST respond with a stream error (Section 5.4.2) of type
+ STREAM_CLOSED.
+
+ The total number of padding octets is determined by the value of the
+ Pad Length field. If the length of the padding is the length of the
+ frame payload or greater, the recipient MUST treat this as a
+ connection error (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ Note: A frame can be increased in size by one octet by including a
+ Pad Length field with a value of zero.
+
+6.2. HEADERS
+
+ The HEADERS frame (type=0x1) is used to open a stream (Section 5.1),
+ and additionally carries a header block fragment. HEADERS frames can
+ be sent on a stream in the "idle", "reserved (local)", "open", or
+ "half-closed (remote)" state.
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 32]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ +---------------+
+ |Pad Length? (8)|
+ +-+-------------+-----------------------------------------------+
+ |E| Stream Dependency? (31) |
+ +-+-------------+-----------------------------------------------+
+ | Weight? (8) |
+ +-+-------------+-----------------------------------------------+
+ | Header Block Fragment (*) ...
+ +---------------------------------------------------------------+
+ | Padding (*) ...
+ +---------------------------------------------------------------+
+
+ Figure 7: HEADERS Frame Payload
+
+ The HEADERS frame payload has the following fields:
+
+ Pad Length: An 8-bit field containing the length of the frame
+ padding in units of octets. This field is only present if the
+ PADDED flag is set.
+
+ E: A single-bit flag indicating that the stream dependency is
+ exclusive (see Section 5.3). This field is only present if the
+ PRIORITY flag is set.
+
+ Stream Dependency: A 31-bit stream identifier for the stream that
+ this stream depends on (see Section 5.3). This field is only
+ present if the PRIORITY flag is set.
+
+ Weight: An unsigned 8-bit integer representing a priority weight for
+ the stream (see Section 5.3). Add one to the value to obtain a
+ weight between 1 and 256. This field is only present if the
+ PRIORITY flag is set.
+
+ Header Block Fragment: A header block fragment (Section 4.3).
+
+ Padding: Padding octets.
+
+ The HEADERS frame defines the following flags:
+
+ END_STREAM (0x1): When set, bit 0 indicates that the header block
+ (Section 4.3) is the last that the endpoint will send for the
+ identified stream.
+
+ A HEADERS frame carries the END_STREAM flag that signals the end
+ of a stream. However, a HEADERS frame with the END_STREAM flag
+ set can be followed by CONTINUATION frames on the same stream.
+ Logically, the CONTINUATION frames are part of the HEADERS frame.
+
+
+
+
+Belshe, et al. Standards Track [Page 33]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ END_HEADERS (0x4): When set, bit 2 indicates that this frame
+ contains an entire header block (Section 4.3) and is not followed
+ by any CONTINUATION frames.
+
+ A HEADERS frame without the END_HEADERS flag set MUST be followed
+ by a CONTINUATION frame for the same stream. A receiver MUST
+ treat the receipt of any other type of frame or a frame on a
+ different stream as a connection error (Section 5.4.1) of type
+ PROTOCOL_ERROR.
+
+ PADDED (0x8): When set, bit 3 indicates that the Pad Length field
+ and any padding that it describes are present.
+
+ PRIORITY (0x20): When set, bit 5 indicates that the Exclusive Flag
+ (E), Stream Dependency, and Weight fields are present; see
+ Section 5.3.
+
+ The payload of a HEADERS frame contains a header block fragment
+ (Section 4.3). A header block that does not fit within a HEADERS
+ frame is continued in a CONTINUATION frame (Section 6.10).
+
+ HEADERS frames MUST be associated with a stream. If a HEADERS frame
+ is received whose stream identifier field is 0x0, the recipient MUST
+ respond with a connection error (Section 5.4.1) of type
+ PROTOCOL_ERROR.
+
+ The HEADERS frame changes the connection state as described in
+ Section 4.3.
+
+ The HEADERS frame can include padding. Padding fields and flags are
+ identical to those defined for DATA frames (Section 6.1). Padding
+ that exceeds the size remaining for the header block fragment MUST be
+ treated as a PROTOCOL_ERROR.
+
+ Prioritization information in a HEADERS frame is logically equivalent
+ to a separate PRIORITY frame, but inclusion in HEADERS avoids the
+ potential for churn in stream prioritization when new streams are
+ created. Prioritization fields in HEADERS frames subsequent to the
+ first on a stream reprioritize the stream (Section 5.3.3).
+
+6.3. PRIORITY
+
+ The PRIORITY frame (type=0x2) specifies the sender-advised priority
+ of a stream (Section 5.3). It can be sent in any stream state,
+ including idle or closed streams.
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 34]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ +-+-------------------------------------------------------------+
+ |E| Stream Dependency (31) |
+ +-+-------------+-----------------------------------------------+
+ | Weight (8) |
+ +-+-------------+
+
+ Figure 8: PRIORITY Frame Payload
+
+ The payload of a PRIORITY frame contains the following fields:
+
+ E: A single-bit flag indicating that the stream dependency is
+ exclusive (see Section 5.3).
+
+ Stream Dependency: A 31-bit stream identifier for the stream that
+ this stream depends on (see Section 5.3).
+
+ Weight: An unsigned 8-bit integer representing a priority weight for
+ the stream (see Section 5.3). Add one to the value to obtain a
+ weight between 1 and 256.
+
+ The PRIORITY frame does not define any flags.
+
+ The PRIORITY frame always identifies a stream. If a PRIORITY frame
+ is received with a stream identifier of 0x0, the recipient MUST
+ respond with a connection error (Section 5.4.1) of type
+ PROTOCOL_ERROR.
+
+ The PRIORITY frame can be sent on a stream in any state, though it
+ cannot be sent between consecutive frames that comprise a single
+ header block (Section 4.3). Note that this frame could arrive after
+ processing or frame sending has completed, which would cause it to
+ have no effect on the identified stream. For a stream that is in the
+ "half-closed (remote)" or "closed" state, this frame can only affect
+ processing of the identified stream and its dependent streams; it
+ does not affect frame transmission on that stream.
+
+ The PRIORITY frame can be sent for a stream in the "idle" or "closed"
+ state. This allows for the reprioritization of a group of dependent
+ streams by altering the priority of an unused or closed parent
+ stream.
+
+ A PRIORITY frame with a length other than 5 octets MUST be treated as
+ a stream error (Section 5.4.2) of type FRAME_SIZE_ERROR.
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 35]
+
+RFC 7540 HTTP/2 May 2015
+
+
+6.4. RST_STREAM
+
+ The RST_STREAM frame (type=0x3) allows for immediate termination of a
+ stream. RST_STREAM is sent to request cancellation of a stream or to
+ indicate that an error condition has occurred.
+
+ +---------------------------------------------------------------+
+ | Error Code (32) |
+ +---------------------------------------------------------------+
+
+ Figure 9: RST_STREAM Frame Payload
+
+ The RST_STREAM frame contains a single unsigned, 32-bit integer
+ identifying the error code (Section 7). The error code indicates why
+ the stream is being terminated.
+
+ The RST_STREAM frame does not define any flags.
+
+ The RST_STREAM frame fully terminates the referenced stream and
+ causes it to enter the "closed" state. After receiving a RST_STREAM
+ on a stream, the receiver MUST NOT send additional frames for that
+ stream, with the exception of PRIORITY. However, after sending the
+ RST_STREAM, the sending endpoint MUST be prepared to receive and
+ process additional frames sent on the stream that might have been
+ sent by the peer prior to the arrival of the RST_STREAM.
+
+ RST_STREAM frames MUST be associated with a stream. If a RST_STREAM
+ frame is received with a stream identifier of 0x0, the recipient MUST
+ treat this as a connection error (Section 5.4.1) of type
+ PROTOCOL_ERROR.
+
+ RST_STREAM frames MUST NOT be sent for a stream in the "idle" state.
+ If a RST_STREAM frame identifying an idle stream is received, the
+ recipient MUST treat this as a connection error (Section 5.4.1) of
+ type PROTOCOL_ERROR.
+
+ A RST_STREAM frame with a length other than 4 octets MUST be treated
+ as a connection error (Section 5.4.1) of type FRAME_SIZE_ERROR.
+
+6.5. SETTINGS
+
+ The SETTINGS frame (type=0x4) conveys configuration parameters that
+ affect how endpoints communicate, such as preferences and constraints
+ on peer behavior. The SETTINGS frame is also used to acknowledge the
+ receipt of those parameters. Individually, a SETTINGS parameter can
+ also be referred to as a "setting".
+
+
+
+
+
+Belshe, et al. Standards Track [Page 36]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ SETTINGS parameters are not negotiated; they describe characteristics
+ of the sending peer, which are used by the receiving peer. Different
+ values for the same parameter can be advertised by each peer. For
+ example, a client might set a high initial flow-control window,
+ whereas a server might set a lower value to conserve resources.
+
+ A SETTINGS frame MUST be sent by both endpoints at the start of a
+ connection and MAY be sent at any other time by either endpoint over
+ the lifetime of the connection. Implementations MUST support all of
+ the parameters defined by this specification.
+
+ Each parameter in a SETTINGS frame replaces any existing value for
+ that parameter. Parameters are processed in the order in which they
+ appear, and a receiver of a SETTINGS frame does not need to maintain
+ any state other than the current value of its parameters. Therefore,
+ the value of a SETTINGS parameter is the last value that is seen by a
+ receiver.
+
+ SETTINGS parameters are acknowledged by the receiving peer. To
+ enable this, the SETTINGS frame defines the following flag:
+
+ ACK (0x1): When set, bit 0 indicates that this frame acknowledges
+ receipt and application of the peer's SETTINGS frame. When this
+ bit is set, the payload of the SETTINGS frame MUST be empty.
+ Receipt of a SETTINGS frame with the ACK flag set and a length
+ field value other than 0 MUST be treated as a connection error
+ (Section 5.4.1) of type FRAME_SIZE_ERROR. For more information,
+ see Section 6.5.3 ("Settings Synchronization").
+
+ SETTINGS frames always apply to a connection, never a single stream.
+ The stream identifier for a SETTINGS frame MUST be zero (0x0). If an
+ endpoint receives a SETTINGS frame whose stream identifier field is
+ anything other than 0x0, the endpoint MUST respond with a connection
+ error (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ The SETTINGS frame affects connection state. A badly formed or
+ incomplete SETTINGS frame MUST be treated as a connection error
+ (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ A SETTINGS frame with a length other than a multiple of 6 octets MUST
+ be treated as a connection error (Section 5.4.1) of type
+ FRAME_SIZE_ERROR.
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 37]
+
+RFC 7540 HTTP/2 May 2015
+
+
+6.5.1. SETTINGS Format
+
+ The payload of a SETTINGS frame consists of zero or more parameters,
+ each consisting of an unsigned 16-bit setting identifier and an
+ unsigned 32-bit value.
+
+ +-------------------------------+
+ | Identifier (16) |
+ +-------------------------------+-------------------------------+
+ | Value (32) |
+ +---------------------------------------------------------------+
+
+ Figure 10: Setting Format
+
+6.5.2. Defined SETTINGS Parameters
+
+ The following parameters are defined:
+
+ SETTINGS_HEADER_TABLE_SIZE (0x1): Allows the sender to inform the
+ remote endpoint of the maximum size of the header compression
+ table used to decode header blocks, in octets. The encoder can
+ select any size equal to or less than this value by using
+ signaling specific to the header compression format inside a
+ header block (see [COMPRESSION]). The initial value is 4,096
+ octets.
+
+ SETTINGS_ENABLE_PUSH (0x2): This setting can be used to disable
+ server push (Section 8.2). An endpoint MUST NOT send a
+ PUSH_PROMISE frame if it receives this parameter set to a value of
+ 0. An endpoint that has both set this parameter to 0 and had it
+ acknowledged MUST treat the receipt of a PUSH_PROMISE frame as a
+ connection error (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ The initial value is 1, which indicates that server push is
+ permitted. Any value other than 0 or 1 MUST be treated as a
+ connection error (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ SETTINGS_MAX_CONCURRENT_STREAMS (0x3): Indicates the maximum number
+ of concurrent streams that the sender will allow. This limit is
+ directional: it applies to the number of streams that the sender
+ permits the receiver to create. Initially, there is no limit to
+ this value. It is recommended that this value be no smaller than
+ 100, so as to not unnecessarily limit parallelism.
+
+ A value of 0 for SETTINGS_MAX_CONCURRENT_STREAMS SHOULD NOT be
+ treated as special by endpoints. A zero value does prevent the
+ creation of new streams; however, this can also happen for any
+
+
+
+
+Belshe, et al. Standards Track [Page 38]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ limit that is exhausted with active streams. Servers SHOULD only
+ set a zero value for short durations; if a server does not wish to
+ accept requests, closing the connection is more appropriate.
+
+ SETTINGS_INITIAL_WINDOW_SIZE (0x4): Indicates the sender's initial
+ window size (in octets) for stream-level flow control. The
+ initial value is 2^16-1 (65,535) octets.
+
+ This setting affects the window size of all streams (see
+ Section 6.9.2).
+
+ Values above the maximum flow-control window size of 2^31-1 MUST
+ be treated as a connection error (Section 5.4.1) of type
+ FLOW_CONTROL_ERROR.
+
+ SETTINGS_MAX_FRAME_SIZE (0x5): Indicates the size of the largest
+ frame payload that the sender is willing to receive, in octets.
+
+ The initial value is 2^14 (16,384) octets. The value advertised
+ by an endpoint MUST be between this initial value and the maximum
+ allowed frame size (2^24-1 or 16,777,215 octets), inclusive.
+ Values outside this range MUST be treated as a connection error
+ (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ SETTINGS_MAX_HEADER_LIST_SIZE (0x6): This advisory setting informs a
+ peer of the maximum size of header list that the sender is
+ prepared to accept, in octets. The value is based on the
+ uncompressed size of header fields, including the length of the
+ name and value in octets plus an overhead of 32 octets for each
+ header field.
+
+ For any given request, a lower limit than what is advertised MAY
+ be enforced. The initial value of this setting is unlimited.
+
+ An endpoint that receives a SETTINGS frame with any unknown or
+ unsupported identifier MUST ignore that setting.
+
+6.5.3. Settings Synchronization
+
+ Most values in SETTINGS benefit from or require an understanding of
+ when the peer has received and applied the changed parameter values.
+ In order to provide such synchronization timepoints, the recipient of
+ a SETTINGS frame in which the ACK flag is not set MUST apply the
+ updated parameters as soon as possible upon receipt.
+
+ The values in the SETTINGS frame MUST be processed in the order they
+ appear, with no other frame processing between values. Unsupported
+ parameters MUST be ignored. Once all values have been processed, the
+
+
+
+Belshe, et al. Standards Track [Page 39]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ recipient MUST immediately emit a SETTINGS frame with the ACK flag
+ set. Upon receiving a SETTINGS frame with the ACK flag set, the
+ sender of the altered parameters can rely on the setting having been
+ applied.
+
+ If the sender of a SETTINGS frame does not receive an acknowledgement
+ within a reasonable amount of time, it MAY issue a connection error
+ (Section 5.4.1) of type SETTINGS_TIMEOUT.
+
+6.6. PUSH_PROMISE
+
+ The PUSH_PROMISE frame (type=0x5) is used to notify the peer endpoint
+ in advance of streams the sender intends to initiate. The
+ PUSH_PROMISE frame includes the unsigned 31-bit identifier of the
+ stream the endpoint plans to create along with a set of headers that
+ provide additional context for the stream. Section 8.2 contains a
+ thorough description of the use of PUSH_PROMISE frames.
+
+ +---------------+
+ |Pad Length? (8)|
+ +-+-------------+-----------------------------------------------+
+ |R| Promised Stream ID (31) |
+ +-+-----------------------------+-------------------------------+
+ | Header Block Fragment (*) ...
+ +---------------------------------------------------------------+
+ | Padding (*) ...
+ +---------------------------------------------------------------+
+
+ Figure 11: PUSH_PROMISE Payload Format
+
+ The PUSH_PROMISE frame payload has the following fields:
+
+ Pad Length: An 8-bit field containing the length of the frame
+ padding in units of octets. This field is only present if the
+ PADDED flag is set.
+
+ R: A single reserved bit.
+
+ Promised Stream ID: An unsigned 31-bit integer that identifies the
+ stream that is reserved by the PUSH_PROMISE. The promised stream
+ identifier MUST be a valid choice for the next stream sent by the
+ sender (see "new stream identifier" in Section 5.1.1).
+
+ Header Block Fragment: A header block fragment (Section 4.3)
+ containing request header fields.
+
+ Padding: Padding octets.
+
+
+
+
+Belshe, et al. Standards Track [Page 40]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ The PUSH_PROMISE frame defines the following flags:
+
+ END_HEADERS (0x4): When set, bit 2 indicates that this frame
+ contains an entire header block (Section 4.3) and is not followed
+ by any CONTINUATION frames.
+
+ A PUSH_PROMISE frame without the END_HEADERS flag set MUST be
+ followed by a CONTINUATION frame for the same stream. A receiver
+ MUST treat the receipt of any other type of frame or a frame on a
+ different stream as a connection error (Section 5.4.1) of type
+ PROTOCOL_ERROR.
+
+ PADDED (0x8): When set, bit 3 indicates that the Pad Length field
+ and any padding that it describes are present.
+
+ PUSH_PROMISE frames MUST only be sent on a peer-initiated stream that
+ is in either the "open" or "half-closed (remote)" state. The stream
+ identifier of a PUSH_PROMISE frame indicates the stream it is
+ associated with. If the stream identifier field specifies the value
+ 0x0, a recipient MUST respond with a connection error (Section 5.4.1)
+ of type PROTOCOL_ERROR.
+
+ Promised streams are not required to be used in the order they are
+ promised. The PUSH_PROMISE only reserves stream identifiers for
+ later use.
+
+ PUSH_PROMISE MUST NOT be sent if the SETTINGS_ENABLE_PUSH setting of
+ the peer endpoint is set to 0. An endpoint that has set this setting
+ and has received acknowledgement MUST treat the receipt of a
+ PUSH_PROMISE frame as a connection error (Section 5.4.1) of type
+ PROTOCOL_ERROR.
+
+ Recipients of PUSH_PROMISE frames can choose to reject promised
+ streams by returning a RST_STREAM referencing the promised stream
+ identifier back to the sender of the PUSH_PROMISE.
+
+ A PUSH_PROMISE frame modifies the connection state in two ways.
+ First, the inclusion of a header block (Section 4.3) potentially
+ modifies the state maintained for header compression. Second,
+ PUSH_PROMISE also reserves a stream for later use, causing the
+ promised stream to enter the "reserved" state. A sender MUST NOT
+ send a PUSH_PROMISE on a stream unless that stream is either "open"
+ or "half-closed (remote)"; the sender MUST ensure that the promised
+ stream is a valid choice for a new stream identifier (Section 5.1.1)
+ (that is, the promised stream MUST be in the "idle" state).
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 41]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ Since PUSH_PROMISE reserves a stream, ignoring a PUSH_PROMISE frame
+ causes the stream state to become indeterminate. A receiver MUST
+ treat the receipt of a PUSH_PROMISE on a stream that is neither
+ "open" nor "half-closed (local)" as a connection error
+ (Section 5.4.1) of type PROTOCOL_ERROR. However, an endpoint that
+ has sent RST_STREAM on the associated stream MUST handle PUSH_PROMISE
+ frames that might have been created before the RST_STREAM frame is
+ received and processed.
+
+ A receiver MUST treat the receipt of a PUSH_PROMISE that promises an
+ illegal stream identifier (Section 5.1.1) as a connection error
+ (Section 5.4.1) of type PROTOCOL_ERROR. Note that an illegal stream
+ identifier is an identifier for a stream that is not currently in the
+ "idle" state.
+
+ The PUSH_PROMISE frame can include padding. Padding fields and flags
+ are identical to those defined for DATA frames (Section 6.1).
+
+6.7. PING
+
+ The PING frame (type=0x6) is a mechanism for measuring a minimal
+ round-trip time from the sender, as well as determining whether an
+ idle connection is still functional. PING frames can be sent from
+ any endpoint.
+
+ +---------------------------------------------------------------+
+ | |
+ | Opaque Data (64) |
+ | |
+ +---------------------------------------------------------------+
+
+ Figure 12: PING Payload Format
+
+ In addition to the frame header, PING frames MUST contain 8 octets of
+ opaque data in the payload. A sender can include any value it
+ chooses and use those octets in any fashion.
+
+ Receivers of a PING frame that does not include an ACK flag MUST send
+ a PING frame with the ACK flag set in response, with an identical
+ payload. PING responses SHOULD be given higher priority than any
+ other frame.
+
+ The PING frame defines the following flags:
+
+ ACK (0x1): When set, bit 0 indicates that this PING frame is a PING
+ response. An endpoint MUST set this flag in PING responses. An
+ endpoint MUST NOT respond to PING frames containing this flag.
+
+
+
+
+Belshe, et al. Standards Track [Page 42]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ PING frames are not associated with any individual stream. If a PING
+ frame is received with a stream identifier field value other than
+ 0x0, the recipient MUST respond with a connection error
+ (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ Receipt of a PING frame with a length field value other than 8 MUST
+ be treated as a connection error (Section 5.4.1) of type
+ FRAME_SIZE_ERROR.
+
+6.8. GOAWAY
+
+ The GOAWAY frame (type=0x7) is used to initiate shutdown of a
+ connection or to signal serious error conditions. GOAWAY allows an
+ endpoint to gracefully stop accepting new streams while still
+ finishing processing of previously established streams. This enables
+ administrative actions, like server maintenance.
+
+ There is an inherent race condition between an endpoint starting new
+ streams and the remote sending a GOAWAY frame. To deal with this
+ case, the GOAWAY contains the stream identifier of the last peer-
+ initiated stream that was or might be processed on the sending
+ endpoint in this connection. For instance, if the server sends a
+ GOAWAY frame, the identified stream is the highest-numbered stream
+ initiated by the client.
+
+ Once sent, the sender will ignore frames sent on streams initiated by
+ the receiver if the stream has an identifier higher than the included
+ last stream identifier. Receivers of a GOAWAY frame MUST NOT open
+ additional streams on the connection, although a new connection can
+ be established for new streams.
+
+ If the receiver of the GOAWAY has sent data on streams with a higher
+ stream identifier than what is indicated in the GOAWAY frame, those
+ streams are not or will not be processed. The receiver of the GOAWAY
+ frame can treat the streams as though they had never been created at
+ all, thereby allowing those streams to be retried later on a new
+ connection.
+
+ Endpoints SHOULD always send a GOAWAY frame before closing a
+ connection so that the remote peer can know whether a stream has been
+ partially processed or not. For example, if an HTTP client sends a
+ POST at the same time that a server closes a connection, the client
+ cannot know if the server started to process that POST request if the
+ server does not send a GOAWAY frame to indicate what streams it might
+ have acted on.
+
+ An endpoint might choose to close a connection without sending a
+ GOAWAY for misbehaving peers.
+
+
+
+Belshe, et al. Standards Track [Page 43]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ A GOAWAY frame might not immediately precede closing of the
+ connection; a receiver of a GOAWAY that has no more use for the
+ connection SHOULD still send a GOAWAY frame before terminating the
+ connection.
+
+ +-+-------------------------------------------------------------+
+ |R| Last-Stream-ID (31) |
+ +-+-------------------------------------------------------------+
+ | Error Code (32) |
+ +---------------------------------------------------------------+
+ | Additional Debug Data (*) |
+ +---------------------------------------------------------------+
+
+ Figure 13: GOAWAY Payload Format
+
+ The GOAWAY frame does not define any flags.
+
+ The GOAWAY frame applies to the connection, not a specific stream.
+ An endpoint MUST treat a GOAWAY frame with a stream identifier other
+ than 0x0 as a connection error (Section 5.4.1) of type
+ PROTOCOL_ERROR.
+
+ The last stream identifier in the GOAWAY frame contains the highest-
+ numbered stream identifier for which the sender of the GOAWAY frame
+ might have taken some action on or might yet take action on. All
+ streams up to and including the identified stream might have been
+ processed in some way. The last stream identifier can be set to 0 if
+ no streams were processed.
+
+ Note: In this context, "processed" means that some data from the
+ stream was passed to some higher layer of software that might have
+ taken some action as a result.
+
+ If a connection terminates without a GOAWAY frame, the last stream
+ identifier is effectively the highest possible stream identifier.
+
+ On streams with lower- or equal-numbered identifiers that were not
+ closed completely prior to the connection being closed, reattempting
+ requests, transactions, or any protocol activity is not possible,
+ with the exception of idempotent actions like HTTP GET, PUT, or
+ DELETE. Any protocol activity that uses higher-numbered streams can
+ be safely retried using a new connection.
+
+ Activity on streams numbered lower or equal to the last stream
+ identifier might still complete successfully. The sender of a GOAWAY
+ frame might gracefully shut down a connection by sending a GOAWAY
+ frame, maintaining the connection in an "open" state until all in-
+ progress streams complete.
+
+
+
+Belshe, et al. Standards Track [Page 44]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ An endpoint MAY send multiple GOAWAY frames if circumstances change.
+ For instance, an endpoint that sends GOAWAY with NO_ERROR during
+ graceful shutdown could subsequently encounter a condition that
+ requires immediate termination of the connection. The last stream
+ identifier from the last GOAWAY frame received indicates which
+ streams could have been acted upon. Endpoints MUST NOT increase the
+ value they send in the last stream identifier, since the peers might
+ already have retried unprocessed requests on another connection.
+
+ A client that is unable to retry requests loses all requests that are
+ in flight when the server closes the connection. This is especially
+ true for intermediaries that might not be serving clients using
+ HTTP/2. A server that is attempting to gracefully shut down a
+ connection SHOULD send an initial GOAWAY frame with the last stream
+ identifier set to 2^31-1 and a NO_ERROR code. This signals to the
+ client that a shutdown is imminent and that initiating further
+ requests is prohibited. After allowing time for any in-flight stream
+ creation (at least one round-trip time), the server can send another
+ GOAWAY frame with an updated last stream identifier. This ensures
+ that a connection can be cleanly shut down without losing requests.
+
+ After sending a GOAWAY frame, the sender can discard frames for
+ streams initiated by the receiver with identifiers higher than the
+ identified last stream. However, any frames that alter connection
+ state cannot be completely ignored. For instance, HEADERS,
+ PUSH_PROMISE, and CONTINUATION frames MUST be minimally processed to
+ ensure the state maintained for header compression is consistent (see
+ Section 4.3); similarly, DATA frames MUST be counted toward the
+ connection flow-control window. Failure to process these frames can
+ cause flow control or header compression state to become
+ unsynchronized.
+
+ The GOAWAY frame also contains a 32-bit error code (Section 7) that
+ contains the reason for closing the connection.
+
+ Endpoints MAY append opaque data to the payload of any GOAWAY frame.
+ Additional debug data is intended for diagnostic purposes only and
+ carries no semantic value. Debug information could contain security-
+ or privacy-sensitive data. Logged or otherwise persistently stored
+ debug data MUST have adequate safeguards to prevent unauthorized
+ access.
+
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 45]
+
+RFC 7540 HTTP/2 May 2015
+
+
+6.9. WINDOW_UPDATE
+
+ The WINDOW_UPDATE frame (type=0x8) is used to implement flow control;
+ see Section 5.2 for an overview.
+
+ Flow control operates at two levels: on each individual stream and on
+ the entire connection.
+
+ Both types of flow control are hop by hop, that is, only between the
+ two endpoints. Intermediaries do not forward WINDOW_UPDATE frames
+ between dependent connections. However, throttling of data transfer
+ by any receiver can indirectly cause the propagation of flow-control
+ information toward the original sender.
+
+ Flow control only applies to frames that are identified as being
+ subject to flow control. Of the frame types defined in this
+ document, this includes only DATA frames. Frames that are exempt
+ from flow control MUST be accepted and processed, unless the receiver
+ is unable to assign resources to handling the frame. A receiver MAY
+ respond with a stream error (Section 5.4.2) or connection error
+ (Section 5.4.1) of type FLOW_CONTROL_ERROR if it is unable to accept
+ a frame.
+
+ +-+-------------------------------------------------------------+
+ |R| Window Size Increment (31) |
+ +-+-------------------------------------------------------------+
+
+ Figure 14: WINDOW_UPDATE Payload Format
+
+ The payload of a WINDOW_UPDATE frame is one reserved bit plus an
+ unsigned 31-bit integer indicating the number of octets that the
+ sender can transmit in addition to the existing flow-control window.
+ The legal range for the increment to the flow-control window is 1 to
+ 2^31-1 (2,147,483,647) octets.
+
+ The WINDOW_UPDATE frame does not define any flags.
+
+ The WINDOW_UPDATE frame can be specific to a stream or to the entire
+ connection. In the former case, the frame's stream identifier
+ indicates the affected stream; in the latter, the value "0" indicates
+ that the entire connection is the subject of the frame.
+
+ A receiver MUST treat the receipt of a WINDOW_UPDATE frame with an
+ flow-control window increment of 0 as a stream error (Section 5.4.2)
+ of type PROTOCOL_ERROR; errors on the connection flow-control window
+ MUST be treated as a connection error (Section 5.4.1).
+
+
+
+
+
+Belshe, et al. Standards Track [Page 46]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ WINDOW_UPDATE can be sent by a peer that has sent a frame bearing the
+ END_STREAM flag. This means that a receiver could receive a
+ WINDOW_UPDATE frame on a "half-closed (remote)" or "closed" stream.
+ A receiver MUST NOT treat this as an error (see Section 5.1).
+
+ A receiver that receives a flow-controlled frame MUST always account
+ for its contribution against the connection flow-control window,
+ unless the receiver treats this as a connection error
+ (Section 5.4.1). This is necessary even if the frame is in error.
+ The sender counts the frame toward the flow-control window, but if
+ the receiver does not, the flow-control window at the sender and
+ receiver can become different.
+
+ A WINDOW_UPDATE frame with a length other than 4 octets MUST be
+ treated as a connection error (Section 5.4.1) of type
+ FRAME_SIZE_ERROR.
+
+6.9.1. The Flow-Control Window
+
+ Flow control in HTTP/2 is implemented using a window kept by each
+ sender on every stream. The flow-control window is a simple integer
+ value that indicates how many octets of data the sender is permitted
+ to transmit; as such, its size is a measure of the buffering capacity
+ of the receiver.
+
+ Two flow-control windows are applicable: the stream flow-control
+ window and the connection flow-control window. The sender MUST NOT
+ send a flow-controlled frame with a length that exceeds the space
+ available in either of the flow-control windows advertised by the
+ receiver. Frames with zero length with the END_STREAM flag set (that
+ is, an empty DATA frame) MAY be sent if there is no available space
+ in either flow-control window.
+
+ For flow-control calculations, the 9-octet frame header is not
+ counted.
+
+ After sending a flow-controlled frame, the sender reduces the space
+ available in both windows by the length of the transmitted frame.
+
+ The receiver of a frame sends a WINDOW_UPDATE frame as it consumes
+ data and frees up space in flow-control windows. Separate
+ WINDOW_UPDATE frames are sent for the stream- and connection-level
+ flow-control windows.
+
+ A sender that receives a WINDOW_UPDATE frame updates the
+ corresponding window by the amount specified in the frame.
+
+
+
+
+
+Belshe, et al. Standards Track [Page 47]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ A sender MUST NOT allow a flow-control window to exceed 2^31-1
+ octets. If a sender receives a WINDOW_UPDATE that causes a flow-
+ control window to exceed this maximum, it MUST terminate either the
+ stream or the connection, as appropriate. For streams, the sender
+ sends a RST_STREAM with an error code of FLOW_CONTROL_ERROR; for the
+ connection, a GOAWAY frame with an error code of FLOW_CONTROL_ERROR
+ is sent.
+
+ Flow-controlled frames from the sender and WINDOW_UPDATE frames from
+ the receiver are completely asynchronous with respect to each other.
+ This property allows a receiver to aggressively update the window
+ size kept by the sender to prevent streams from stalling.
+
+6.9.2. Initial Flow-Control Window Size
+
+ When an HTTP/2 connection is first established, new streams are
+ created with an initial flow-control window size of 65,535 octets.
+ The connection flow-control window is also 65,535 octets. Both
+ endpoints can adjust the initial window size for new streams by
+ including a value for SETTINGS_INITIAL_WINDOW_SIZE in the SETTINGS
+ frame that forms part of the connection preface. The connection
+ flow-control window can only be changed using WINDOW_UPDATE frames.
+
+ Prior to receiving a SETTINGS frame that sets a value for
+ SETTINGS_INITIAL_WINDOW_SIZE, an endpoint can only use the default
+ initial window size when sending flow-controlled frames. Similarly,
+ the connection flow-control window is set to the default initial
+ window size until a WINDOW_UPDATE frame is received.
+
+ In addition to changing the flow-control window for streams that are
+ not yet active, a SETTINGS frame can alter the initial flow-control
+ window size for streams with active flow-control windows (that is,
+ streams in the "open" or "half-closed (remote)" state). When the
+ value of SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver MUST adjust
+ the size of all stream flow-control windows that it maintains by the
+ difference between the new value and the old value.
+
+ A change to SETTINGS_INITIAL_WINDOW_SIZE can cause the available
+ space in a flow-control window to become negative. A sender MUST
+ track the negative flow-control window and MUST NOT send new flow-
+ controlled frames until it receives WINDOW_UPDATE frames that cause
+ the flow-control window to become positive.
+
+ For example, if the client sends 60 KB immediately on connection
+ establishment and the server sets the initial window size to be 16
+ KB, the client will recalculate the available flow-control window to
+
+
+
+
+
+Belshe, et al. Standards Track [Page 48]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ be -44 KB on receipt of the SETTINGS frame. The client retains a
+ negative flow-control window until WINDOW_UPDATE frames restore the
+ window to being positive, after which the client can resume sending.
+
+ A SETTINGS frame cannot alter the connection flow-control window.
+
+ An endpoint MUST treat a change to SETTINGS_INITIAL_WINDOW_SIZE that
+ causes any flow-control window to exceed the maximum size as a
+ connection error (Section 5.4.1) of type FLOW_CONTROL_ERROR.
+
+6.9.3. Reducing the Stream Window Size
+
+ A receiver that wishes to use a smaller flow-control window than the
+ current size can send a new SETTINGS frame. However, the receiver
+ MUST be prepared to receive data that exceeds this window size, since
+ the sender might send data that exceeds the lower limit prior to
+ processing the SETTINGS frame.
+
+ After sending a SETTINGS frame that reduces the initial flow-control
+ window size, a receiver MAY continue to process streams that exceed
+ flow-control limits. Allowing streams to continue does not allow the
+ receiver to immediately reduce the space it reserves for flow-control
+ windows. Progress on these streams can also stall, since
+ WINDOW_UPDATE frames are needed to allow the sender to resume
+ sending. The receiver MAY instead send a RST_STREAM with an error
+ code of FLOW_CONTROL_ERROR for the affected streams.
+
+6.10. CONTINUATION
+
+ The CONTINUATION frame (type=0x9) is used to continue a sequence of
+ header block fragments (Section 4.3). Any number of CONTINUATION
+ frames can be sent, as long as the preceding frame is on the same
+ stream and is a HEADERS, PUSH_PROMISE, or CONTINUATION frame without
+ the END_HEADERS flag set.
+
+ +---------------------------------------------------------------+
+ | Header Block Fragment (*) ...
+ +---------------------------------------------------------------+
+
+ Figure 15: CONTINUATION Frame Payload
+
+ The CONTINUATION frame payload contains a header block fragment
+ (Section 4.3).
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 49]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ The CONTINUATION frame defines the following flag:
+
+ END_HEADERS (0x4): When set, bit 2 indicates that this frame ends a
+ header block (Section 4.3).
+
+ If the END_HEADERS bit is not set, this frame MUST be followed by
+ another CONTINUATION frame. A receiver MUST treat the receipt of
+ any other type of frame or a frame on a different stream as a
+ connection error (Section 5.4.1) of type PROTOCOL_ERROR.
+
+ The CONTINUATION frame changes the connection state as defined in
+ Section 4.3.
+
+ CONTINUATION frames MUST be associated with a stream. If a
+ CONTINUATION frame is received whose stream identifier field is 0x0,
+ the recipient MUST respond with a connection error (Section 5.4.1) of
+ type PROTOCOL_ERROR.
+
+ A CONTINUATION frame MUST be preceded by a HEADERS, PUSH_PROMISE or
+ CONTINUATION frame without the END_HEADERS flag set. A recipient
+ that observes violation of this rule MUST respond with a connection
+ error (Section 5.4.1) of type PROTOCOL_ERROR.
+
+7. Error Codes
+
+ Error codes are 32-bit fields that are used in RST_STREAM and GOAWAY
+ frames to convey the reasons for the stream or connection error.
+
+ Error codes share a common code space. Some error codes apply only
+ to either streams or the entire connection and have no defined
+ semantics in the other context.
+
+ The following error codes are defined:
+
+ NO_ERROR (0x0): The associated condition is not a result of an
+ error. For example, a GOAWAY might include this code to indicate
+ graceful shutdown of a connection.
+
+ PROTOCOL_ERROR (0x1): The endpoint detected an unspecific protocol
+ error. This error is for use when a more specific error code is
+ not available.
+
+ INTERNAL_ERROR (0x2): The endpoint encountered an unexpected
+ internal error.
+
+ FLOW_CONTROL_ERROR (0x3): The endpoint detected that its peer
+ violated the flow-control protocol.
+
+
+
+
+Belshe, et al. Standards Track [Page 50]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ SETTINGS_TIMEOUT (0x4): The endpoint sent a SETTINGS frame but did
+ not receive a response in a timely manner. See Section 6.5.3
+ ("Settings Synchronization").
+
+ STREAM_CLOSED (0x5): The endpoint received a frame after a stream
+ was half-closed.
+
+ FRAME_SIZE_ERROR (0x6): The endpoint received a frame with an
+ invalid size.
+
+ REFUSED_STREAM (0x7): The endpoint refused the stream prior to
+ performing any application processing (see Section 8.1.4 for
+ details).
+
+ CANCEL (0x8): Used by the endpoint to indicate that the stream is no
+ longer needed.
+
+ COMPRESSION_ERROR (0x9): The endpoint is unable to maintain the
+ header compression context for the connection.
+
+ CONNECT_ERROR (0xa): The connection established in response to a
+ CONNECT request (Section 8.3) was reset or abnormally closed.
+
+ ENHANCE_YOUR_CALM (0xb): The endpoint detected that its peer is
+ exhibiting a behavior that might be generating excessive load.
+
+ INADEQUATE_SECURITY (0xc): The underlying transport has properties
+ that do not meet minimum security requirements (see Section 9.2).
+
+ HTTP_1_1_REQUIRED (0xd): The endpoint requires that HTTP/1.1 be used
+ instead of HTTP/2.
+
+ Unknown or unsupported error codes MUST NOT trigger any special
+ behavior. These MAY be treated by an implementation as being
+ equivalent to INTERNAL_ERROR.
+
+8. HTTP Message Exchanges
+
+ HTTP/2 is intended to be as compatible as possible with current uses
+ of HTTP. This means that, from the application perspective, the
+ features of the protocol are largely unchanged. To achieve this, all
+ request and response semantics are preserved, although the syntax of
+ conveying those semantics has changed.
+
+ Thus, the specification and requirements of HTTP/1.1 Semantics and
+ Content [RFC7231], Conditional Requests [RFC7232], Range Requests
+ [RFC7233], Caching [RFC7234], and Authentication [RFC7235] are
+ applicable to HTTP/2. Selected portions of HTTP/1.1 Message Syntax
+
+
+
+Belshe, et al. Standards Track [Page 51]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ and Routing [RFC7230], such as the HTTP and HTTPS URI schemes, are
+ also applicable in HTTP/2, but the expression of those semantics for
+ this protocol are defined in the sections below.
+
+8.1. HTTP Request/Response Exchange
+
+ A client sends an HTTP request on a new stream, using a previously
+ unused stream identifier (Section 5.1.1). A server sends an HTTP
+ response on the same stream as the request.
+
+ An HTTP message (request or response) consists of:
+
+ 1. for a response only, zero or more HEADERS frames (each followed
+ by zero or more CONTINUATION frames) containing the message
+ headers of informational (1xx) HTTP responses (see [RFC7230],
+ Section 3.2 and [RFC7231], Section 6.2),
+
+ 2. one HEADERS frame (followed by zero or more CONTINUATION frames)
+ containing the message headers (see [RFC7230], Section 3.2),
+
+ 3. zero or more DATA frames containing the payload body (see
+ [RFC7230], Section 3.3), and
+
+ 4. optionally, one HEADERS frame, followed by zero or more
+ CONTINUATION frames containing the trailer-part, if present (see
+ [RFC7230], Section 4.1.2).
+
+ The last frame in the sequence bears an END_STREAM flag, noting that
+ a HEADERS frame bearing the END_STREAM flag can be followed by
+ CONTINUATION frames that carry any remaining portions of the header
+ block.
+
+ Other frames (from any stream) MUST NOT occur between the HEADERS
+ frame and any CONTINUATION frames that might follow.
+
+ HTTP/2 uses DATA frames to carry message payloads. The "chunked"
+ transfer encoding defined in Section 4.1 of [RFC7230] MUST NOT be
+ used in HTTP/2.
+
+ Trailing header fields are carried in a header block that also
+ terminates the stream. Such a header block is a sequence starting
+ with a HEADERS frame, followed by zero or more CONTINUATION frames,
+ where the HEADERS frame bears an END_STREAM flag. Header blocks
+ after the first that do not terminate the stream are not part of an
+ HTTP request or response.
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 52]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ A HEADERS frame (and associated CONTINUATION frames) can only appear
+ at the start or end of a stream. An endpoint that receives a HEADERS
+ frame without the END_STREAM flag set after receiving a final (non-
+ informational) status code MUST treat the corresponding request or
+ response as malformed (Section 8.1.2.6).
+
+ An HTTP request/response exchange fully consumes a single stream. A
+ request starts with the HEADERS frame that puts the stream into an
+ "open" state. The request ends with a frame bearing END_STREAM,
+ which causes the stream to become "half-closed (local)" for the
+ client and "half-closed (remote)" for the server. A response starts
+ with a HEADERS frame and ends with a frame bearing END_STREAM, which
+ places the stream in the "closed" state.
+
+ An HTTP response is complete after the server sends -- or the client
+ receives -- a frame with the END_STREAM flag set (including any
+ CONTINUATION frames needed to complete a header block). A server can
+ send a complete response prior to the client sending an entire
+ request if the response does not depend on any portion of the request
+ that has not been sent and received. When this is true, a server MAY
+ request that the client abort transmission of a request without error
+ by sending a RST_STREAM with an error code of NO_ERROR after sending
+ a complete response (i.e., a frame with the END_STREAM flag).
+ Clients MUST NOT discard responses as a result of receiving such a
+ RST_STREAM, though clients can always discard responses at their
+ discretion for other reasons.
+
+8.1.1. Upgrading from HTTP/2
+
+ HTTP/2 removes support for the 101 (Switching Protocols)
+ informational status code ([RFC7231], Section 6.2.2).
+
+ The semantics of 101 (Switching Protocols) aren't applicable to a
+ multiplexed protocol. Alternative protocols are able to use the same
+ mechanisms that HTTP/2 uses to negotiate their use (see Section 3).
+
+8.1.2. HTTP Header Fields
+
+ HTTP header fields carry information as a series of key-value pairs.
+ For a listing of registered HTTP headers, see the "Message Header
+ Field" registry maintained at <https://www.iana.org/assignments/
+ message-headers>.
+
+ Just as in HTTP/1.x, header field names are strings of ASCII
+ characters that are compared in a case-insensitive fashion. However,
+ header field names MUST be converted to lowercase prior to their
+ encoding in HTTP/2. A request or response containing uppercase
+ header field names MUST be treated as malformed (Section 8.1.2.6).
+
+
+
+Belshe, et al. Standards Track [Page 53]
+
+RFC 7540 HTTP/2 May 2015
+
+
+8.1.2.1. Pseudo-Header Fields
+
+ While HTTP/1.x used the message start-line (see [RFC7230],
+ Section 3.1) to convey the target URI, the method of the request, and
+ the status code for the response, HTTP/2 uses special pseudo-header
+ fields beginning with ':' character (ASCII 0x3a) for this purpose.
+
+ Pseudo-header fields are not HTTP header fields. Endpoints MUST NOT
+ generate pseudo-header fields other than those defined in this
+ document.
+
+ Pseudo-header fields are only valid in the context in which they are
+ defined. Pseudo-header fields defined for requests MUST NOT appear
+ in responses; pseudo-header fields defined for responses MUST NOT
+ appear in requests. Pseudo-header fields MUST NOT appear in
+ trailers. Endpoints MUST treat a request or response that contains
+ undefined or invalid pseudo-header fields as malformed
+ (Section 8.1.2.6).
+
+ All pseudo-header fields MUST appear in the header block before
+ regular header fields. Any request or response that contains a
+ pseudo-header field that appears in a header block after a regular
+ header field MUST be treated as malformed (Section 8.1.2.6).
+
+8.1.2.2. Connection-Specific Header Fields
+
+ HTTP/2 does not use the Connection header field to indicate
+ connection-specific header fields; in this protocol, connection-
+ specific metadata is conveyed by other means. An endpoint MUST NOT
+ generate an HTTP/2 message containing connection-specific header
+ fields; any message containing connection-specific header fields MUST
+ be treated as malformed (Section 8.1.2.6).
+
+ The only exception to this is the TE header field, which MAY be
+ present in an HTTP/2 request; when it is, it MUST NOT contain any
+ value other than "trailers".
+
+ This means that an intermediary transforming an HTTP/1.x message to
+ HTTP/2 will need to remove any header fields nominated by the
+ Connection header field, along with the Connection header field
+ itself. Such intermediaries SHOULD also remove other connection-
+ specific header fields, such as Keep-Alive, Proxy-Connection,
+ Transfer-Encoding, and Upgrade, even if they are not nominated by the
+ Connection header field.
+
+ Note: HTTP/2 purposefully does not support upgrade to another
+ protocol. The handshake methods described in Section 3 are
+ believed sufficient to negotiate the use of alternative protocols.
+
+
+
+Belshe, et al. Standards Track [Page 54]
+
+RFC 7540 HTTP/2 May 2015
+
+
+8.1.2.3. Request Pseudo-Header Fields
+
+ The following pseudo-header fields are defined for HTTP/2 requests:
+
+ o The ":method" pseudo-header field includes the HTTP method
+ ([RFC7231], Section 4).
+
+ o The ":scheme" pseudo-header field includes the scheme portion of
+ the target URI ([RFC3986], Section 3.1).
+
+ ":scheme" is not restricted to "http" and "https" schemed URIs. A
+ proxy or gateway can translate requests for non-HTTP schemes,
+ enabling the use of HTTP to interact with non-HTTP services.
+
+ o The ":authority" pseudo-header field includes the authority
+ portion of the target URI ([RFC3986], Section 3.2). The authority
+ MUST NOT include the deprecated "userinfo" subcomponent for "http"
+ or "https" schemed URIs.
+
+ To ensure that the HTTP/1.1 request line can be reproduced
+ accurately, this pseudo-header field MUST be omitted when
+ translating from an HTTP/1.1 request that has a request target in
+ origin or asterisk form (see [RFC7230], Section 5.3). Clients
+ that generate HTTP/2 requests directly SHOULD use the ":authority"
+ pseudo-header field instead of the Host header field. An
+ intermediary that converts an HTTP/2 request to HTTP/1.1 MUST
+ create a Host header field if one is not present in a request by
+ copying the value of the ":authority" pseudo-header field.
+
+ o The ":path" pseudo-header field includes the path and query parts
+ of the target URI (the "path-absolute" production and optionally a
+ '?' character followed by the "query" production (see Sections 3.3
+ and 3.4 of [RFC3986]). A request in asterisk form includes the
+ value '*' for the ":path" pseudo-header field.
+
+ This pseudo-header field MUST NOT be empty for "http" or "https"
+ URIs; "http" or "https" URIs that do not contain a path component
+ MUST include a value of '/'. The exception to this rule is an
+ OPTIONS request for an "http" or "https" URI that does not include
+ a path component; these MUST include a ":path" pseudo-header field
+ with a value of '*' (see [RFC7230], Section 5.3.4).
+
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 55]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ All HTTP/2 requests MUST include exactly one valid value for the
+ ":method", ":scheme", and ":path" pseudo-header fields, unless it is
+ a CONNECT request (Section 8.3). An HTTP request that omits
+ mandatory pseudo-header fields is malformed (Section 8.1.2.6).
+
+ HTTP/2 does not define a way to carry the version identifier that is
+ included in the HTTP/1.1 request line.
+
+8.1.2.4. Response Pseudo-Header Fields
+
+ For HTTP/2 responses, a single ":status" pseudo-header field is
+ defined that carries the HTTP status code field (see [RFC7231],
+ Section 6). This pseudo-header field MUST be included in all
+ responses; otherwise, the response is malformed (Section 8.1.2.6).
+
+ HTTP/2 does not define a way to carry the version or reason phrase
+ that is included in an HTTP/1.1 status line.
+
+8.1.2.5. Compressing the Cookie Header Field
+
+ The Cookie header field [COOKIE] uses a semi-colon (";") to delimit
+ cookie-pairs (or "crumbs"). This header field doesn't follow the
+ list construction rules in HTTP (see [RFC7230], Section 3.2.2), which
+ prevents cookie-pairs from being separated into different name-value
+ pairs. This can significantly reduce compression efficiency as
+ individual cookie-pairs are updated.
+
+ To allow for better compression efficiency, the Cookie header field
+ MAY be split into separate header fields, each with one or more
+ cookie-pairs. If there are multiple Cookie header fields after
+ decompression, these MUST be concatenated into a single octet string
+ using the two-octet delimiter of 0x3B, 0x20 (the ASCII string "; ")
+ before being passed into a non-HTTP/2 context, such as an HTTP/1.1
+ connection, or a generic HTTP server application.
+
+ Therefore, the following two lists of Cookie header fields are
+ semantically equivalent.
+
+ cookie: a=b; c=d; e=f
+
+ cookie: a=b
+ cookie: c=d
+ cookie: e=f
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 56]
+
+RFC 7540 HTTP/2 May 2015
+
+
+8.1.2.6. Malformed Requests and Responses
+
+ A malformed request or response is one that is an otherwise valid
+ sequence of HTTP/2 frames but is invalid due to the presence of
+ extraneous frames, prohibited header fields, the absence of mandatory
+ header fields, or the inclusion of uppercase header field names.
+
+ A request or response that includes a payload body can include a
+ content-length header field. A request or response is also malformed
+ if the value of a content-length header field does not equal the sum
+ of the DATA frame payload lengths that form the body. A response
+ that is defined to have no payload, as described in [RFC7230],
+ Section 3.3.2, can have a non-zero content-length header field, even
+ though no content is included in DATA frames.
+
+ Intermediaries that process HTTP requests or responses (i.e., any
+ intermediary not acting as a tunnel) MUST NOT forward a malformed
+ request or response. Malformed requests or responses that are
+ detected MUST be treated as a stream error (Section 5.4.2) of type
+ PROTOCOL_ERROR.
+
+ For malformed requests, a server MAY send an HTTP response prior to
+ closing or resetting the stream. Clients MUST NOT accept a malformed
+ response. Note that these requirements are intended to protect
+ against several types of common attacks against HTTP; they are
+ deliberately strict because being permissive can expose
+ implementations to these vulnerabilities.
+
+8.1.3. Examples
+
+ This section shows HTTP/1.1 requests and responses, with
+ illustrations of equivalent HTTP/2 requests and responses.
+
+ An HTTP GET request includes request header fields and no payload
+ body and is therefore transmitted as a single HEADERS frame, followed
+ by zero or more CONTINUATION frames containing the serialized block
+ of request header fields. The HEADERS frame in the following has
+ both the END_HEADERS and END_STREAM flags set; no CONTINUATION frames
+ are sent.
+
+ GET /resource HTTP/1.1 HEADERS
+ Host: example.org ==> + END_STREAM
+ Accept: image/jpeg + END_HEADERS
+ :method = GET
+ :scheme = https
+ :path = /resource
+ host = example.org
+ accept = image/jpeg
+
+
+
+Belshe, et al. Standards Track [Page 57]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ Similarly, a response that includes only response header fields is
+ transmitted as a HEADERS frame (again, followed by zero or more
+ CONTINUATION frames) containing the serialized block of response
+ header fields.
+
+ HTTP/1.1 304 Not Modified HEADERS
+ ETag: "xyzzy" ==> + END_STREAM
+ Expires: Thu, 23 Jan ... + END_HEADERS
+ :status = 304
+ etag = "xyzzy"
+ expires = Thu, 23 Jan ...
+
+ An HTTP POST request that includes request header fields and payload
+ data is transmitted as one HEADERS frame, followed by zero or more
+ CONTINUATION frames containing the request header fields, followed by
+ one or more DATA frames, with the last CONTINUATION (or HEADERS)
+ frame having the END_HEADERS flag set and the final DATA frame having
+ the END_STREAM flag set:
+
+ POST /resource HTTP/1.1 HEADERS
+ Host: example.org ==> - END_STREAM
+ Content-Type: image/jpeg - END_HEADERS
+ Content-Length: 123 :method = POST
+ :path = /resource
+ {binary data} :scheme = https
+
+ CONTINUATION
+ + END_HEADERS
+ content-type = image/jpeg
+ host = example.org
+ content-length = 123
+
+ DATA
+ + END_STREAM
+ {binary data}
+
+ Note that data contributing to any given header field could be spread
+ between header block fragments. The allocation of header fields to
+ frames in this example is illustrative only.
+
+ A response that includes header fields and payload data is
+ transmitted as a HEADERS frame, followed by zero or more CONTINUATION
+ frames, followed by one or more DATA frames, with the last DATA frame
+ in the sequence having the END_STREAM flag set:
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 58]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ HTTP/1.1 200 OK HEADERS
+ Content-Type: image/jpeg ==> - END_STREAM
+ Content-Length: 123 + END_HEADERS
+ :status = 200
+ {binary data} content-type = image/jpeg
+ content-length = 123
+
+ DATA
+ + END_STREAM
+ {binary data}
+
+ An informational response using a 1xx status code other than 101 is
+ transmitted as a HEADERS frame, followed by zero or more CONTINUATION
+ frames.
+
+ Trailing header fields are sent as a header block after both the
+ request or response header block and all the DATA frames have been
+ sent. The HEADERS frame starting the trailers header block has the
+ END_STREAM flag set.
+
+ The following example includes both a 100 (Continue) status code,
+ which is sent in response to a request containing a "100-continue"
+ token in the Expect header field, and trailing header fields:
+
+ HTTP/1.1 100 Continue HEADERS
+ Extension-Field: bar ==> - END_STREAM
+ + END_HEADERS
+ :status = 100
+ extension-field = bar
+
+ HTTP/1.1 200 OK HEADERS
+ Content-Type: image/jpeg ==> - END_STREAM
+ Transfer-Encoding: chunked + END_HEADERS
+ Trailer: Foo :status = 200
+ content-length = 123
+ 123 content-type = image/jpeg
+ {binary data} trailer = Foo
+ 0
+ Foo: bar DATA
+ - END_STREAM
+ {binary data}
+
+ HEADERS
+ + END_STREAM
+ + END_HEADERS
+ foo = bar
+
+
+
+
+
+Belshe, et al. Standards Track [Page 59]
+
+RFC 7540 HTTP/2 May 2015
+
+
+8.1.4. Request Reliability Mechanisms in HTTP/2
+
+ In HTTP/1.1, an HTTP client is unable to retry a non-idempotent
+ request when an error occurs because there is no means to determine
+ the nature of the error. It is possible that some server processing
+ occurred prior to the error, which could result in undesirable
+ effects if the request were reattempted.
+
+ HTTP/2 provides two mechanisms for providing a guarantee to a client
+ that a request has not been processed:
+
+ o The GOAWAY frame indicates the highest stream number that might
+ have been processed. Requests on streams with higher numbers are
+ therefore guaranteed to be safe to retry.
+
+ o The REFUSED_STREAM error code can be included in a RST_STREAM
+ frame to indicate that the stream is being closed prior to any
+ processing having occurred. Any request that was sent on the
+ reset stream can be safely retried.
+
+ Requests that have not been processed have not failed; clients MAY
+ automatically retry them, even those with non-idempotent methods.
+
+ A server MUST NOT indicate that a stream has not been processed
+ unless it can guarantee that fact. If frames that are on a stream
+ are passed to the application layer for any stream, then
+ REFUSED_STREAM MUST NOT be used for that stream, and a GOAWAY frame
+ MUST include a stream identifier that is greater than or equal to the
+ given stream identifier.
+
+ In addition to these mechanisms, the PING frame provides a way for a
+ client to easily test a connection. Connections that remain idle can
+ become broken as some middleboxes (for instance, network address
+ translators or load balancers) silently discard connection bindings.
+ The PING frame allows a client to safely test whether a connection is
+ still active without sending a request.
+
+8.2. Server Push
+
+ HTTP/2 allows a server to pre-emptively send (or "push") responses
+ (along with corresponding "promised" requests) to a client in
+ association with a previous client-initiated request. This can be
+ useful when the server knows the client will need to have those
+ responses available in order to fully process the response to the
+ original request.
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 60]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ A client can request that server push be disabled, though this is
+ negotiated for each hop independently. The SETTINGS_ENABLE_PUSH
+ setting can be set to 0 to indicate that server push is disabled.
+
+ Promised requests MUST be cacheable (see [RFC7231], Section 4.2.3),
+ MUST be safe (see [RFC7231], Section 4.2.1), and MUST NOT include a
+ request body. Clients that receive a promised request that is not
+ cacheable, that is not known to be safe, or that indicates the
+ presence of a request body MUST reset the promised stream with a
+ stream error (Section 5.4.2) of type PROTOCOL_ERROR. Note this could
+ result in the promised stream being reset if the client does not
+ recognize a newly defined method as being safe.
+
+ Pushed responses that are cacheable (see [RFC7234], Section 3) can be
+ stored by the client, if it implements an HTTP cache. Pushed
+ responses are considered successfully validated on the origin server
+ (e.g., if the "no-cache" cache response directive is present
+ ([RFC7234], Section 5.2.2)) while the stream identified by the
+ promised stream ID is still open.
+
+ Pushed responses that are not cacheable MUST NOT be stored by any
+ HTTP cache. They MAY be made available to the application
+ separately.
+
+ The server MUST include a value in the ":authority" pseudo-header
+ field for which the server is authoritative (see Section 10.1). A
+ client MUST treat a PUSH_PROMISE for which the server is not
+ authoritative as a stream error (Section 5.4.2) of type
+ PROTOCOL_ERROR.
+
+ An intermediary can receive pushes from the server and choose not to
+ forward them on to the client. In other words, how to make use of
+ the pushed information is up to that intermediary. Equally, the
+ intermediary might choose to make additional pushes to the client,
+ without any action taken by the server.
+
+ A client cannot push. Thus, servers MUST treat the receipt of a
+ PUSH_PROMISE frame as a connection error (Section 5.4.1) of type
+ PROTOCOL_ERROR. Clients MUST reject any attempt to change the
+ SETTINGS_ENABLE_PUSH setting to a value other than 0 by treating the
+ message as a connection error (Section 5.4.1) of type PROTOCOL_ERROR.
+
+8.2.1. Push Requests
+
+ Server push is semantically equivalent to a server responding to a
+ request; however, in this case, that request is also sent by the
+ server, as a PUSH_PROMISE frame.
+
+
+
+
+Belshe, et al. Standards Track [Page 61]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ The PUSH_PROMISE frame includes a header block that contains a
+ complete set of request header fields that the server attributes to
+ the request. It is not possible to push a response to a request that
+ includes a request body.
+
+ Pushed responses are always associated with an explicit request from
+ the client. The PUSH_PROMISE frames sent by the server are sent on
+ that explicit request's stream. The PUSH_PROMISE frame also includes
+ a promised stream identifier, chosen from the stream identifiers
+ available to the server (see Section 5.1.1).
+
+ The header fields in PUSH_PROMISE and any subsequent CONTINUATION
+ frames MUST be a valid and complete set of request header fields
+ (Section 8.1.2.3). The server MUST include a method in the ":method"
+ pseudo-header field that is safe and cacheable. If a client receives
+ a PUSH_PROMISE that does not include a complete and valid set of
+ header fields or the ":method" pseudo-header field identifies a
+ method that is not safe, it MUST respond with a stream error
+ (Section 5.4.2) of type PROTOCOL_ERROR.
+
+ The server SHOULD send PUSH_PROMISE (Section 6.6) frames prior to
+ sending any frames that reference the promised responses. This
+ avoids a race where clients issue requests prior to receiving any
+ PUSH_PROMISE frames.
+
+ For example, if the server receives a request for a document
+ containing embedded links to multiple image files and the server
+ chooses to push those additional images to the client, sending
+ PUSH_PROMISE frames before the DATA frames that contain the image
+ links ensures that the client is able to see that a resource will be
+ pushed before discovering embedded links. Similarly, if the server
+ pushes responses referenced by the header block (for instance, in
+ Link header fields), sending a PUSH_PROMISE before sending the header
+ block ensures that clients do not request those resources.
+
+ PUSH_PROMISE frames MUST NOT be sent by the client.
+
+ PUSH_PROMISE frames can be sent by the server in response to any
+ client-initiated stream, but the stream MUST be in either the "open"
+ or "half-closed (remote)" state with respect to the server.
+ PUSH_PROMISE frames are interspersed with the frames that comprise a
+ response, though they cannot be interspersed with HEADERS and
+ CONTINUATION frames that comprise a single header block.
+
+ Sending a PUSH_PROMISE frame creates a new stream and puts the stream
+ into the "reserved (local)" state for the server and the "reserved
+ (remote)" state for the client.
+
+
+
+
+Belshe, et al. Standards Track [Page 62]
+
+RFC 7540 HTTP/2 May 2015
+
+
+8.2.2. Push Responses
+
+ After sending the PUSH_PROMISE frame, the server can begin delivering
+ the pushed response as a response (Section 8.1.2.4) on a server-
+ initiated stream that uses the promised stream identifier. The
+ server uses this stream to transmit an HTTP response, using the same
+ sequence of frames as defined in Section 8.1. This stream becomes
+ "half-closed" to the client (Section 5.1) after the initial HEADERS
+ frame is sent.
+
+ Once a client receives a PUSH_PROMISE frame and chooses to accept the
+ pushed response, the client SHOULD NOT issue any requests for the
+ promised response until after the promised stream has closed.
+
+ If the client determines, for any reason, that it does not wish to
+ receive the pushed response from the server or if the server takes
+ too long to begin sending the promised response, the client can send
+ a RST_STREAM frame, using either the CANCEL or REFUSED_STREAM code
+ and referencing the pushed stream's identifier.
+
+ A client can use the SETTINGS_MAX_CONCURRENT_STREAMS setting to limit
+ the number of responses that can be concurrently pushed by a server.
+ Advertising a SETTINGS_MAX_CONCURRENT_STREAMS value of zero disables
+ server push by preventing the server from creating the necessary
+ streams. This does not prohibit a server from sending PUSH_PROMISE
+ frames; clients need to reset any promised streams that are not
+ wanted.
+
+ Clients receiving a pushed response MUST validate that either the
+ server is authoritative (see Section 10.1) or the proxy that provided
+ the pushed response is configured for the corresponding request. For
+ example, a server that offers a certificate for only the
+ "example.com" DNS-ID or Common Name is not permitted to push a
+ response for "https://www.example.org/doc".
+
+ The response for a PUSH_PROMISE stream begins with a HEADERS frame,
+ which immediately puts the stream into the "half-closed (remote)"
+ state for the server and "half-closed (local)" state for the client,
+ and ends with a frame bearing END_STREAM, which places the stream in
+ the "closed" state.
+
+ Note: The client never sends a frame with the END_STREAM flag for
+ a server push.
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 63]
+
+RFC 7540 HTTP/2 May 2015
+
+
+8.3. The CONNECT Method
+
+ In HTTP/1.x, the pseudo-method CONNECT ([RFC7231], Section 4.3.6) is
+ used to convert an HTTP connection into a tunnel to a remote host.
+ CONNECT is primarily used with HTTP proxies to establish a TLS
+ session with an origin server for the purposes of interacting with
+ "https" resources.
+
+ In HTTP/2, the CONNECT method is used to establish a tunnel over a
+ single HTTP/2 stream to a remote host for similar purposes. The HTTP
+ header field mapping works as defined in Section 8.1.2.3 ("Request
+ Pseudo-Header Fields"), with a few differences. Specifically:
+
+ o The ":method" pseudo-header field is set to "CONNECT".
+
+ o The ":scheme" and ":path" pseudo-header fields MUST be omitted.
+
+ o The ":authority" pseudo-header field contains the host and port to
+ connect to (equivalent to the authority-form of the request-target
+ of CONNECT requests (see [RFC7230], Section 5.3)).
+
+ A CONNECT request that does not conform to these restrictions is
+ malformed (Section 8.1.2.6).
+
+ A proxy that supports CONNECT establishes a TCP connection [TCP] to
+ the server identified in the ":authority" pseudo-header field. Once
+ this connection is successfully established, the proxy sends a
+ HEADERS frame containing a 2xx series status code to the client, as
+ defined in [RFC7231], Section 4.3.6.
+
+ After the initial HEADERS frame sent by each peer, all subsequent
+ DATA frames correspond to data sent on the TCP connection. The
+ payload of any DATA frames sent by the client is transmitted by the
+ proxy to the TCP server; data received from the TCP server is
+ assembled into DATA frames by the proxy. Frame types other than DATA
+ or stream management frames (RST_STREAM, WINDOW_UPDATE, and PRIORITY)
+ MUST NOT be sent on a connected stream and MUST be treated as a
+ stream error (Section 5.4.2) if received.
+
+ The TCP connection can be closed by either peer. The END_STREAM flag
+ on a DATA frame is treated as being equivalent to the TCP FIN bit. A
+ client is expected to send a DATA frame with the END_STREAM flag set
+ after receiving a frame bearing the END_STREAM flag. A proxy that
+ receives a DATA frame with the END_STREAM flag set sends the attached
+ data with the FIN bit set on the last TCP segment. A proxy that
+ receives a TCP segment with the FIN bit set sends a DATA frame with
+ the END_STREAM flag set. Note that the final TCP segment or DATA
+ frame could be empty.
+
+
+
+Belshe, et al. Standards Track [Page 64]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ A TCP connection error is signaled with RST_STREAM. A proxy treats
+ any error in the TCP connection, which includes receiving a TCP
+ segment with the RST bit set, as a stream error (Section 5.4.2) of
+ type CONNECT_ERROR. Correspondingly, a proxy MUST send a TCP segment
+ with the RST bit set if it detects an error with the stream or the
+ HTTP/2 connection.
+
+9. Additional HTTP Requirements/Considerations
+
+ This section outlines attributes of the HTTP protocol that improve
+ interoperability, reduce exposure to known security vulnerabilities,
+ or reduce the potential for implementation variation.
+
+9.1. Connection Management
+
+ HTTP/2 connections are persistent. For best performance, it is
+ expected that clients will not close connections until it is
+ determined that no further communication with a server is necessary
+ (for example, when a user navigates away from a particular web page)
+ or until the server closes the connection.
+
+ Clients SHOULD NOT open more than one HTTP/2 connection to a given
+ host and port pair, where the host is derived from a URI, a selected
+ alternative service [ALT-SVC], or a configured proxy.
+
+ A client can create additional connections as replacements, either to
+ replace connections that are near to exhausting the available stream
+ identifier space (Section 5.1.1), to refresh the keying material for
+ a TLS connection, or to replace connections that have encountered
+ errors (Section 5.4.1).
+
+ A client MAY open multiple connections to the same IP address and TCP
+ port using different Server Name Indication [TLS-EXT] values or to
+ provide different TLS client certificates but SHOULD avoid creating
+ multiple connections with the same configuration.
+
+ Servers are encouraged to maintain open connections for as long as
+ possible but are permitted to terminate idle connections if
+ necessary. When either endpoint chooses to close the transport-layer
+ TCP connection, the terminating endpoint SHOULD first send a GOAWAY
+ (Section 6.8) frame so that both endpoints can reliably determine
+ whether previously sent frames have been processed and gracefully
+ complete or terminate any necessary remaining tasks.
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 65]
+
+RFC 7540 HTTP/2 May 2015
+
+
+9.1.1. Connection Reuse
+
+ Connections that are made to an origin server, either directly or
+ through a tunnel created using the CONNECT method (Section 8.3), MAY
+ be reused for requests with multiple different URI authority
+ components. A connection can be reused as long as the origin server
+ is authoritative (Section 10.1). For TCP connections without TLS,
+ this depends on the host having resolved to the same IP address.
+
+ For "https" resources, connection reuse additionally depends on
+ having a certificate that is valid for the host in the URI. The
+ certificate presented by the server MUST satisfy any checks that the
+ client would perform when forming a new TLS connection for the host
+ in the URI.
+
+ An origin server might offer a certificate with multiple
+ "subjectAltName" attributes or names with wildcards, one of which is
+ valid for the authority in the URI. For example, a certificate with
+ a "subjectAltName" of "*.example.com" might permit the use of the
+ same connection for requests to URIs starting with
+ "https://a.example.com/" and "https://b.example.com/".
+
+ In some deployments, reusing a connection for multiple origins can
+ result in requests being directed to the wrong origin server. For
+ example, TLS termination might be performed by a middlebox that uses
+ the TLS Server Name Indication (SNI) [TLS-EXT] extension to select an
+ origin server. This means that it is possible for clients to send
+ confidential information to servers that might not be the intended
+ target for the request, even though the server is otherwise
+ authoritative.
+
+ A server that does not wish clients to reuse connections can indicate
+ that it is not authoritative for a request by sending a 421
+ (Misdirected Request) status code in response to the request (see
+ Section 9.1.2).
+
+ A client that is configured to use a proxy over HTTP/2 directs
+ requests to that proxy through a single connection. That is, all
+ requests sent via a proxy reuse the connection to the proxy.
+
+9.1.2. The 421 (Misdirected Request) Status Code
+
+ The 421 (Misdirected Request) status code indicates that the request
+ was directed at a server that is not able to produce a response.
+ This can be sent by a server that is not configured to produce
+ responses for the combination of scheme and authority that are
+ included in the request URI.
+
+
+
+
+Belshe, et al. Standards Track [Page 66]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ Clients receiving a 421 (Misdirected Request) response from a server
+ MAY retry the request -- whether the request method is idempotent or
+ not -- over a different connection. This is possible if a connection
+ is reused (Section 9.1.1) or if an alternative service is selected
+ [ALT-SVC].
+
+ This status code MUST NOT be generated by proxies.
+
+ A 421 response is cacheable by default, i.e., unless otherwise
+ indicated by the method definition or explicit cache controls (see
+ Section 4.2.2 of [RFC7234]).
+
+9.2. Use of TLS Features
+
+ Implementations of HTTP/2 MUST use TLS version 1.2 [TLS12] or higher
+ for HTTP/2 over TLS. The general TLS usage guidance in [TLSBCP]
+ SHOULD be followed, with some additional restrictions that are
+ specific to HTTP/2.
+
+ The TLS implementation MUST support the Server Name Indication (SNI)
+ [TLS-EXT] extension to TLS. HTTP/2 clients MUST indicate the target
+ domain name when negotiating TLS.
+
+ Deployments of HTTP/2 that negotiate TLS 1.3 or higher need only
+ support and use the SNI extension; deployments of TLS 1.2 are subject
+ to the requirements in the following sections. Implementations are
+ encouraged to provide defaults that comply, but it is recognized that
+ deployments are ultimately responsible for compliance.
+
+9.2.1. TLS 1.2 Features
+
+ This section describes restrictions on the TLS 1.2 feature set that
+ can be used with HTTP/2. Due to deployment limitations, it might not
+ be possible to fail TLS negotiation when these restrictions are not
+ met. An endpoint MAY immediately terminate an HTTP/2 connection that
+ does not meet these TLS requirements with a connection error
+ (Section 5.4.1) of type INADEQUATE_SECURITY.
+
+ A deployment of HTTP/2 over TLS 1.2 MUST disable compression. TLS
+ compression can lead to the exposure of information that would not
+ otherwise be revealed [RFC3749]. Generic compression is unnecessary
+ since HTTP/2 provides compression features that are more aware of
+ context and therefore likely to be more appropriate for use for
+ performance, security, or other reasons.
+
+ A deployment of HTTP/2 over TLS 1.2 MUST disable renegotiation. An
+ endpoint MUST treat a TLS renegotiation as a connection error
+ (Section 5.4.1) of type PROTOCOL_ERROR. Note that disabling
+
+
+
+Belshe, et al. Standards Track [Page 67]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ renegotiation can result in long-lived connections becoming unusable
+ due to limits on the number of messages the underlying cipher suite
+ can encipher.
+
+ An endpoint MAY use renegotiation to provide confidentiality
+ protection for client credentials offered in the handshake, but any
+ renegotiation MUST occur prior to sending the connection preface. A
+ server SHOULD request a client certificate if it sees a renegotiation
+ request immediately after establishing a connection.
+
+ This effectively prevents the use of renegotiation in response to a
+ request for a specific protected resource. A future specification
+ might provide a way to support this use case. Alternatively, a
+ server might use an error (Section 5.4) of type HTTP_1_1_REQUIRED to
+ request the client use a protocol that supports renegotiation.
+
+ Implementations MUST support ephemeral key exchange sizes of at least
+ 2048 bits for cipher suites that use ephemeral finite field Diffie-
+ Hellman (DHE) [TLS12] and 224 bits for cipher suites that use
+ ephemeral elliptic curve Diffie-Hellman (ECDHE) [RFC4492]. Clients
+ MUST accept DHE sizes of up to 4096 bits. Endpoints MAY treat
+ negotiation of key sizes smaller than the lower limits as a
+ connection error (Section 5.4.1) of type INADEQUATE_SECURITY.
+
+9.2.2. TLS 1.2 Cipher Suites
+
+ A deployment of HTTP/2 over TLS 1.2 SHOULD NOT use any of the cipher
+ suites that are listed in the cipher suite black list (Appendix A).
+
+ Endpoints MAY choose to generate a connection error (Section 5.4.1)
+ of type INADEQUATE_SECURITY if one of the cipher suites from the
+ black list is negotiated. A deployment that chooses to use a black-
+ listed cipher suite risks triggering a connection error unless the
+ set of potential peers is known to accept that cipher suite.
+
+ Implementations MUST NOT generate this error in reaction to the
+ negotiation of a cipher suite that is not on the black list.
+ Consequently, when clients offer a cipher suite that is not on the
+ black list, they have to be prepared to use that cipher suite with
+ HTTP/2.
+
+ The black list includes the cipher suite that TLS 1.2 makes
+ mandatory, which means that TLS 1.2 deployments could have non-
+ intersecting sets of permitted cipher suites. To avoid this problem
+ causing TLS handshake failures, deployments of HTTP/2 that use TLS
+ 1.2 MUST support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [TLS-ECDHE]
+ with the P-256 elliptic curve [FIPS186].
+
+
+
+
+Belshe, et al. Standards Track [Page 68]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ Note that clients might advertise support of cipher suites that are
+ on the black list in order to allow for connection to servers that do
+ not support HTTP/2. This allows servers to select HTTP/1.1 with a
+ cipher suite that is on the HTTP/2 black list. However, this can
+ result in HTTP/2 being negotiated with a black-listed cipher suite if
+ the application protocol and cipher suite are independently selected.
+
+10. Security Considerations
+
+10.1. Server Authority
+
+ HTTP/2 relies on the HTTP/1.1 definition of authority for determining
+ whether a server is authoritative in providing a given response (see
+ [RFC7230], Section 9.1). This relies on local name resolution for
+ the "http" URI scheme and the authenticated server identity for the
+ "https" scheme (see [RFC2818], Section 3).
+
+10.2. Cross-Protocol Attacks
+
+ In a cross-protocol attack, an attacker causes a client to initiate a
+ transaction in one protocol toward a server that understands a
+ different protocol. An attacker might be able to cause the
+ transaction to appear as a valid transaction in the second protocol.
+ In combination with the capabilities of the web context, this can be
+ used to interact with poorly protected servers in private networks.
+
+ Completing a TLS handshake with an ALPN identifier for HTTP/2 can be
+ considered sufficient protection against cross-protocol attacks.
+ ALPN provides a positive indication that a server is willing to
+ proceed with HTTP/2, which prevents attacks on other TLS-based
+ protocols.
+
+ The encryption in TLS makes it difficult for attackers to control the
+ data that could be used in a cross-protocol attack on a cleartext
+ protocol.
+
+ The cleartext version of HTTP/2 has minimal protection against cross-
+ protocol attacks. The connection preface (Section 3.5) contains a
+ string that is designed to confuse HTTP/1.1 servers, but no special
+ protection is offered for other protocols. A server that is willing
+ to ignore parts of an HTTP/1.1 request containing an Upgrade header
+ field in addition to the client connection preface could be exposed
+ to a cross-protocol attack.
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 69]
+
+RFC 7540 HTTP/2 May 2015
+
+
+10.3. Intermediary Encapsulation Attacks
+
+ The HTTP/2 header field encoding allows the expression of names that
+ are not valid field names in the Internet Message Syntax used by
+ HTTP/1.1. Requests or responses containing invalid header field
+ names MUST be treated as malformed (Section 8.1.2.6). An
+ intermediary therefore cannot translate an HTTP/2 request or response
+ containing an invalid field name into an HTTP/1.1 message.
+
+ Similarly, HTTP/2 allows header field values that are not valid.
+ While most of the values that can be encoded will not alter header
+ field parsing, carriage return (CR, ASCII 0xd), line feed (LF, ASCII
+ 0xa), and the zero character (NUL, ASCII 0x0) might be exploited by
+ an attacker if they are translated verbatim. Any request or response
+ that contains a character not permitted in a header field value MUST
+ be treated as malformed (Section 8.1.2.6). Valid characters are
+ defined by the "field-content" ABNF rule in Section 3.2 of [RFC7230].
+
+10.4. Cacheability of Pushed Responses
+
+ Pushed responses do not have an explicit request from the client; the
+ request is provided by the server in the PUSH_PROMISE frame.
+
+ Caching responses that are pushed is possible based on the guidance
+ provided by the origin server in the Cache-Control header field.
+ However, this can cause issues if a single server hosts more than one
+ tenant. For example, a server might offer multiple users each a
+ small portion of its URI space.
+
+ Where multiple tenants share space on the same server, that server
+ MUST ensure that tenants are not able to push representations of
+ resources that they do not have authority over. Failure to enforce
+ this would allow a tenant to provide a representation that would be
+ served out of cache, overriding the actual representation that the
+ authoritative tenant provides.
+
+ Pushed responses for which an origin server is not authoritative (see
+ Section 10.1) MUST NOT be used or cached.
+
+10.5. Denial-of-Service Considerations
+
+ An HTTP/2 connection can demand a greater commitment of resources to
+ operate than an HTTP/1.1 connection. The use of header compression
+ and flow control depend on a commitment of resources for storing a
+ greater amount of state. Settings for these features ensure that
+ memory commitments for these features are strictly bounded.
+
+
+
+
+
+Belshe, et al. Standards Track [Page 70]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ The number of PUSH_PROMISE frames is not constrained in the same
+ fashion. A client that accepts server push SHOULD limit the number
+ of streams it allows to be in the "reserved (remote)" state. An
+ excessive number of server push streams can be treated as a stream
+ error (Section 5.4.2) of type ENHANCE_YOUR_CALM.
+
+ Processing capacity cannot be guarded as effectively as state
+ capacity.
+
+ The SETTINGS frame can be abused to cause a peer to expend additional
+ processing time. This might be done by pointlessly changing SETTINGS
+ parameters, setting multiple undefined parameters, or changing the
+ same setting multiple times in the same frame. WINDOW_UPDATE or
+ PRIORITY frames can be abused to cause an unnecessary waste of
+ resources.
+
+ Large numbers of small or empty frames can be abused to cause a peer
+ to expend time processing frame headers. Note, however, that some
+ uses are entirely legitimate, such as the sending of an empty DATA or
+ CONTINUATION frame at the end of a stream.
+
+ Header compression also offers some opportunities to waste processing
+ resources; see Section 7 of [COMPRESSION] for more details on
+ potential abuses.
+
+ Limits in SETTINGS parameters cannot be reduced instantaneously,
+ which leaves an endpoint exposed to behavior from a peer that could
+ exceed the new limits. In particular, immediately after establishing
+ a connection, limits set by a server are not known to clients and
+ could be exceeded without being an obvious protocol violation.
+
+ All these features -- i.e., SETTINGS changes, small frames, header
+ compression -- have legitimate uses. These features become a burden
+ only when they are used unnecessarily or to excess.
+
+ An endpoint that doesn't monitor this behavior exposes itself to a
+ risk of denial-of-service attack. Implementations SHOULD track the
+ use of these features and set limits on their use. An endpoint MAY
+ treat activity that is suspicious as a connection error
+ (Section 5.4.1) of type ENHANCE_YOUR_CALM.
+
+10.5.1. Limits on Header Block Size
+
+ A large header block (Section 4.3) can cause an implementation to
+ commit a large amount of state. Header fields that are critical for
+ routing can appear toward the end of a header block, which prevents
+ streaming of header fields to their ultimate destination. This
+ ordering and other reasons, such as ensuring cache correctness, mean
+
+
+
+Belshe, et al. Standards Track [Page 71]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ that an endpoint might need to buffer the entire header block. Since
+ there is no hard limit to the size of a header block, some endpoints
+ could be forced to commit a large amount of available memory for
+ header fields.
+
+ An endpoint can use the SETTINGS_MAX_HEADER_LIST_SIZE to advise peers
+ of limits that might apply on the size of header blocks. This
+ setting is only advisory, so endpoints MAY choose to send header
+ blocks that exceed this limit and risk having the request or response
+ being treated as malformed. This setting is specific to a
+ connection, so any request or response could encounter a hop with a
+ lower, unknown limit. An intermediary can attempt to avoid this
+ problem by passing on values presented by different peers, but they
+ are not obligated to do so.
+
+ A server that receives a larger header block than it is willing to
+ handle can send an HTTP 431 (Request Header Fields Too Large) status
+ code [RFC6585]. A client can discard responses that it cannot
+ process. The header block MUST be processed to ensure a consistent
+ connection state, unless the connection is closed.
+
+10.5.2. CONNECT Issues
+
+ The CONNECT method can be used to create disproportionate load on an
+ proxy, since stream creation is relatively inexpensive when compared
+ to the creation and maintenance of a TCP connection. A proxy might
+ also maintain some resources for a TCP connection beyond the closing
+ of the stream that carries the CONNECT request, since the outgoing
+ TCP connection remains in the TIME_WAIT state. Therefore, a proxy
+ cannot rely on SETTINGS_MAX_CONCURRENT_STREAMS alone to limit the
+ resources consumed by CONNECT requests.
+
+10.6. Use of Compression
+
+ Compression can allow an attacker to recover secret data when it is
+ compressed in the same context as data under attacker control.
+ HTTP/2 enables compression of header fields (Section 4.3); the
+ following concerns also apply to the use of HTTP compressed content-
+ codings ([RFC7231], Section 3.1.2.1).
+
+ There are demonstrable attacks on compression that exploit the
+ characteristics of the web (e.g., [BREACH]). The attacker induces
+ multiple requests containing varying plaintext, observing the length
+ of the resulting ciphertext in each, which reveals a shorter length
+ when a guess about the secret is correct.
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 72]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ Implementations communicating on a secure channel MUST NOT compress
+ content that includes both confidential and attacker-controlled data
+ unless separate compression dictionaries are used for each source of
+ data. Compression MUST NOT be used if the source of data cannot be
+ reliably determined. Generic stream compression, such as that
+ provided by TLS, MUST NOT be used with HTTP/2 (see Section 9.2).
+
+ Further considerations regarding the compression of header fields are
+ described in [COMPRESSION].
+
+10.7. Use of Padding
+
+ Padding within HTTP/2 is not intended as a replacement for general
+ purpose padding, such as might be provided by TLS [TLS12]. Redundant
+ padding could even be counterproductive. Correct application can
+ depend on having specific knowledge of the data that is being padded.
+
+ To mitigate attacks that rely on compression, disabling or limiting
+ compression might be preferable to padding as a countermeasure.
+
+ Padding can be used to obscure the exact size of frame content and is
+ provided to mitigate specific attacks within HTTP, for example,
+ attacks where compressed content includes both attacker-controlled
+ plaintext and secret data (e.g., [BREACH]).
+
+ Use of padding can result in less protection than might seem
+ immediately obvious. At best, padding only makes it more difficult
+ for an attacker to infer length information by increasing the number
+ of frames an attacker has to observe. Incorrectly implemented
+ padding schemes can be easily defeated. In particular, randomized
+ padding with a predictable distribution provides very little
+ protection; similarly, padding payloads to a fixed size exposes
+ information as payload sizes cross the fixed-sized boundary, which
+ could be possible if an attacker can control plaintext.
+
+ Intermediaries SHOULD retain padding for DATA frames but MAY drop
+ padding for HEADERS and PUSH_PROMISE frames. A valid reason for an
+ intermediary to change the amount of padding of frames is to improve
+ the protections that padding provides.
+
+10.8. Privacy Considerations
+
+ Several characteristics of HTTP/2 provide an observer an opportunity
+ to correlate actions of a single client or server over time. These
+ include the value of settings, the manner in which flow-control
+ windows are managed, the way priorities are allocated to streams, the
+ timing of reactions to stimulus, and the handling of any features
+ that are controlled by settings.
+
+
+
+Belshe, et al. Standards Track [Page 73]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ As far as these create observable differences in behavior, they could
+ be used as a basis for fingerprinting a specific client, as defined
+ in Section 1.8 of [HTML5].
+
+ HTTP/2's preference for using a single TCP connection allows
+ correlation of a user's activity on a site. Reusing connections for
+ different origins allows tracking across those origins.
+
+ Because the PING and SETTINGS frames solicit immediate responses,
+ they can be used by an endpoint to measure latency to their peer.
+ This might have privacy implications in certain scenarios.
+
+11. IANA Considerations
+
+ A string for identifying HTTP/2 is entered into the "Application-
+ Layer Protocol Negotiation (ALPN) Protocol IDs" registry established
+ in [TLS-ALPN].
+
+ This document establishes a registry for frame types, settings, and
+ error codes. These new registries appear in the new "Hypertext
+ Transfer Protocol version 2 (HTTP/2) Parameters" section.
+
+ This document registers the HTTP2-Settings header field for use in
+ HTTP; it also registers the 421 (Misdirected Request) status code.
+
+ This document registers the "PRI" method for use in HTTP to avoid
+ collisions with the connection preface (Section 3.5).
+
+11.1. Registration of HTTP/2 Identification Strings
+
+ This document creates two registrations for the identification of
+ HTTP/2 (see Section 3.3) in the "Application-Layer Protocol
+ Negotiation (ALPN) Protocol IDs" registry established in [TLS-ALPN].
+
+ The "h2" string identifies HTTP/2 when used over TLS:
+
+ Protocol: HTTP/2 over TLS
+
+ Identification Sequence: 0x68 0x32 ("h2")
+
+ Specification: This document
+
+ The "h2c" string identifies HTTP/2 when used over cleartext TCP:
+
+ Protocol: HTTP/2 over TCP
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 74]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ Identification Sequence: 0x68 0x32 0x63 ("h2c")
+
+ Specification: This document
+
+11.2. Frame Type Registry
+
+ This document establishes a registry for HTTP/2 frame type codes.
+ The "HTTP/2 Frame Type" registry manages an 8-bit space. The "HTTP/2
+ Frame Type" registry operates under either of the "IETF Review" or
+ "IESG Approval" policies [RFC5226] for values between 0x00 and 0xef,
+ with values between 0xf0 and 0xff being reserved for Experimental
+ Use.
+
+ New entries in this registry require the following information:
+
+ Frame Type: A name or label for the frame type.
+
+ Code: The 8-bit code assigned to the frame type.
+
+ Specification: A reference to a specification that includes a
+ description of the frame layout, its semantics, and flags that the
+ frame type uses, including any parts of the frame that are
+ conditionally present based on the value of flags.
+
+ The entries in the following table are registered by this document.
+
+ +---------------+------+--------------+
+ | Frame Type | Code | Section |
+ +---------------+------+--------------+
+ | DATA | 0x0 | Section 6.1 |
+ | HEADERS | 0x1 | Section 6.2 |
+ | PRIORITY | 0x2 | Section 6.3 |
+ | RST_STREAM | 0x3 | Section 6.4 |
+ | SETTINGS | 0x4 | Section 6.5 |
+ | PUSH_PROMISE | 0x5 | Section 6.6 |
+ | PING | 0x6 | Section 6.7 |
+ | GOAWAY | 0x7 | Section 6.8 |
+ | WINDOW_UPDATE | 0x8 | Section 6.9 |
+ | CONTINUATION | 0x9 | Section 6.10 |
+ +---------------+------+--------------+
+
+11.3. Settings Registry
+
+ This document establishes a registry for HTTP/2 settings. The
+ "HTTP/2 Settings" registry manages a 16-bit space. The "HTTP/2
+ Settings" registry operates under the "Expert Review" policy
+ [RFC5226] for values in the range from 0x0000 to 0xefff, with values
+ between and 0xf000 and 0xffff being reserved for Experimental Use.
+
+
+
+Belshe, et al. Standards Track [Page 75]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ New registrations are advised to provide the following information:
+
+ Name: A symbolic name for the setting. Specifying a setting name is
+ optional.
+
+ Code: The 16-bit code assigned to the setting.
+
+ Initial Value: An initial value for the setting.
+
+ Specification: An optional reference to a specification that
+ describes the use of the setting.
+
+ The entries in the following table are registered by this document.
+
+ +------------------------+------+---------------+---------------+
+ | Name | Code | Initial Value | Specification |
+ +------------------------+------+---------------+---------------+
+ | HEADER_TABLE_SIZE | 0x1 | 4096 | Section 6.5.2 |
+ | ENABLE_PUSH | 0x2 | 1 | Section 6.5.2 |
+ | MAX_CONCURRENT_STREAMS | 0x3 | (infinite) | Section 6.5.2 |
+ | INITIAL_WINDOW_SIZE | 0x4 | 65535 | Section 6.5.2 |
+ | MAX_FRAME_SIZE | 0x5 | 16384 | Section 6.5.2 |
+ | MAX_HEADER_LIST_SIZE | 0x6 | (infinite) | Section 6.5.2 |
+ +------------------------+------+---------------+---------------+
+
+11.4. Error Code Registry
+
+ This document establishes a registry for HTTP/2 error codes. The
+ "HTTP/2 Error Code" registry manages a 32-bit space. The "HTTP/2
+ Error Code" registry operates under the "Expert Review" policy
+ [RFC5226].
+
+ Registrations for error codes are required to include a description
+ of the error code. An expert reviewer is advised to examine new
+ registrations for possible duplication with existing error codes.
+ Use of existing registrations is to be encouraged, but not mandated.
+
+ New registrations are advised to provide the following information:
+
+ Name: A name for the error code. Specifying an error code name is
+ optional.
+
+ Code: The 32-bit error code value.
+
+ Description: A brief description of the error code semantics, longer
+ if no detailed specification is provided.
+
+
+
+
+
+Belshe, et al. Standards Track [Page 76]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ Specification: An optional reference for a specification that
+ defines the error code.
+
+ The entries in the following table are registered by this document.
+
+ +---------------------+------+----------------------+---------------+
+ | Name | Code | Description | Specification |
+ +---------------------+------+----------------------+---------------+
+ | NO_ERROR | 0x0 | Graceful shutdown | Section 7 |
+ | PROTOCOL_ERROR | 0x1 | Protocol error | Section 7 |
+ | | | detected | |
+ | INTERNAL_ERROR | 0x2 | Implementation fault | Section 7 |
+ | FLOW_CONTROL_ERROR | 0x3 | Flow-control limits | Section 7 |
+ | | | exceeded | |
+ | SETTINGS_TIMEOUT | 0x4 | Settings not | Section 7 |
+ | | | acknowledged | |
+ | STREAM_CLOSED | 0x5 | Frame received for | Section 7 |
+ | | | closed stream | |
+ | FRAME_SIZE_ERROR | 0x6 | Frame size incorrect | Section 7 |
+ | REFUSED_STREAM | 0x7 | Stream not processed | Section 7 |
+ | CANCEL | 0x8 | Stream cancelled | Section 7 |
+ | COMPRESSION_ERROR | 0x9 | Compression state | Section 7 |
+ | | | not updated | |
+ | CONNECT_ERROR | 0xa | TCP connection error | Section 7 |
+ | | | for CONNECT method | |
+ | ENHANCE_YOUR_CALM | 0xb | Processing capacity | Section 7 |
+ | | | exceeded | |
+ | INADEQUATE_SECURITY | 0xc | Negotiated TLS | Section 7 |
+ | | | parameters not | |
+ | | | acceptable | |
+ | HTTP_1_1_REQUIRED | 0xd | Use HTTP/1.1 for the | Section 7 |
+ | | | request | |
+ +---------------------+------+----------------------+---------------+
+
+11.5. HTTP2-Settings Header Field Registration
+
+ This section registers the HTTP2-Settings header field in the
+ "Permanent Message Header Field Names" registry [BCP90].
+
+ Header field name: HTTP2-Settings
+
+ Applicable protocol: http
+
+ Status: standard
+
+ Author/Change controller: IETF
+
+
+
+
+
+Belshe, et al. Standards Track [Page 77]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ Specification document(s): Section 3.2.1 of this document
+
+ Related information: This header field is only used by an HTTP/2
+ client for Upgrade-based negotiation.
+
+11.6. PRI Method Registration
+
+ This section registers the "PRI" method in the "HTTP Method Registry"
+ ([RFC7231], Section 8.1).
+
+ Method Name: PRI
+
+ Safe: Yes
+
+ Idempotent: Yes
+
+ Specification document(s): Section 3.5 of this document
+
+ Related information: This method is never used by an actual client.
+ This method will appear to be used when an HTTP/1.1 server or
+ intermediary attempts to parse an HTTP/2 connection preface.
+
+11.7. The 421 (Misdirected Request) HTTP Status Code
+
+ This document registers the 421 (Misdirected Request) HTTP status
+ code in the "HTTP Status Codes" registry ([RFC7231], Section 8.2).
+
+ Status Code: 421
+
+ Short Description: Misdirected Request
+
+ Specification: Section 9.1.2 of this document
+
+11.8. The h2c Upgrade Token
+
+ This document registers the "h2c" upgrade token in the "HTTP Upgrade
+ Tokens" registry ([RFC7230], Section 8.6).
+
+ Value: h2c
+
+ Description: Hypertext Transfer Protocol version 2 (HTTP/2)
+
+ Expected Version Tokens: None
+
+ Reference: Section 3.2 of this document
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 78]
+
+RFC 7540 HTTP/2 May 2015
+
+
+12. References
+
+12.1. Normative References
+
+ [COMPRESSION] Peon, R. and H. Ruellan, "HPACK: Header Compression for
+ HTTP/2", RFC 7541, DOI 10.17487/RFC7541, May 2015,
+ <http://www.rfc-editor.org/info/rfc7541>.
+
+ [COOKIE] Barth, A., "HTTP State Management Mechanism", RFC 6265,
+ DOI 10.17487/RFC6265, April 2011,
+ <http://www.rfc-editor.org/info/rfc6265>.
+
+ [FIPS186] NIST, "Digital Signature Standard (DSS)", FIPS PUB
+ 186-4, July 2013,
+ <http://dx.doi.org/10.6028/NIST.FIPS.186-4>.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
+ RFC2119, March 1997,
+ <http://www.rfc-editor.org/info/rfc2119>.
+
+ [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, DOI 10.17487/
+ RFC2818, May 2000,
+ <http://www.rfc-editor.org/info/rfc2818>.
+
+ [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter,
+ "Uniform Resource Identifier (URI): Generic Syntax",
+ STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005,
+ <http://www.rfc-editor.org/info/rfc3986>.
+
+ [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
+ Encodings", RFC 4648, DOI 10.17487/RFC4648, October
+ 2006, <http://www.rfc-editor.org/info/rfc4648>.
+
+ [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing
+ an IANA Considerations Section in RFCs", BCP 26,
+ RFC 5226, DOI 10.17487/RFC5226, May 2008,
+ <http://www.rfc-editor.org/info/rfc5226>.
+
+ [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for
+ Syntax Specifications: ABNF", STD 68, RFC 5234,
+ DOI 10.17487/ RFC5234, January 2008,
+ <http://www.rfc-editor.org/info/rfc5234>.
+
+ [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
+ Transfer Protocol (HTTP/1.1): Message Syntax and
+ Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014,
+ <http://www.rfc-editor.org/info/rfc7230>.
+
+
+
+Belshe, et al. Standards Track [Page 79]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
+ Transfer Protocol (HTTP/1.1): Semantics and Content",
+ RFC 7231, DOI 10.17487/RFC7231, June 2014,
+ <http://www.rfc-editor.org/info/rfc7231>.
+
+ [RFC7232] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
+ Transfer Protocol (HTTP/1.1): Conditional Requests",
+ RFC 7232, DOI 10.17487/RFC7232, June 2014,
+ <http://www.rfc-editor.org/info/rfc7232>.
+
+ [RFC7233] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
+ "Hypertext Transfer Protocol (HTTP/1.1): Range
+ Requests", RFC 7233, DOI 10.17487/RFC7233, June 2014,
+ <http://www.rfc-editor.org/info/rfc7233>.
+
+ [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
+ Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
+ RFC 7234, DOI 10.17487/RFC7234, June 2014,
+ <http://www.rfc-editor.org/info/rfc7234>.
+
+ [RFC7235] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
+ Transfer Protocol (HTTP/1.1): Authentication",
+ RFC 7235, DOI 10.17487/RFC7235, June 2014,
+ <http://www.rfc-editor.org/info/rfc7235>.
+
+ [TCP] Postel, J., "Transmission Control Protocol", STD 7, RFC
+ 793, DOI 10.17487/RFC0793, September 1981,
+ <http://www.rfc-editor.org/info/rfc793>.
+
+ [TLS-ALPN] Friedl, S., Popov, A., Langley, A., and E. Stephan,
+ "Transport Layer Security (TLS) Application-Layer
+ Protocol Negotiation Extension", RFC 7301,
+ DOI 10.17487/RFC7301, July 2014,
+ <http://www.rfc-editor.org/info/rfc7301>.
+
+ [TLS-ECDHE] Rescorla, E., "TLS Elliptic Curve Cipher Suites with
+ SHA-256/384 and AES Galois Counter Mode (GCM)",
+ RFC 5289, DOI 10.17487/RFC5289, August 2008,
+ <http://www.rfc-editor.org/info/rfc5289>.
+
+ [TLS-EXT] Eastlake 3rd, D., "Transport Layer Security (TLS)
+ Extensions: Extension Definitions", RFC 6066,
+ DOI 10.17487/RFC6066, January 2011,
+ <http://www.rfc-editor.org/info/rfc6066>.
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 80]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ [TLS12] Dierks, T. and E. Rescorla, "The Transport Layer
+ Security (TLS) Protocol Version 1.2", RFC 5246,
+ DOI 10.17487/ RFC5246, August 2008,
+ <http://www.rfc-editor.org/info/rfc5246>.
+
+12.2. Informative References
+
+ [ALT-SVC] Nottingham, M., McManus, P., and J. Reschke, "HTTP
+ Alternative Services", Work in Progress, draft-ietf-
+ httpbis-alt-svc-06, February 2015.
+
+ [BCP90] Klyne, G., Nottingham, M., and J. Mogul, "Registration
+ Procedures for Message Header Fields", BCP 90,
+ RFC 3864, September 2004,
+ <http://www.rfc-editor.org/info/bcp90>.
+
+ [BREACH] Gluck, Y., Harris, N., and A. Prado, "BREACH: Reviving
+ the CRIME Attack", July 2013,
+ <http://breachattack.com/resources/
+ BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf>.
+
+ [HTML5] Hickson, I., Berjon, R., Faulkner, S., Leithead, T.,
+ Doyle Navara, E., O'Connor, E., and S. Pfeiffer,
+ "HTML5", W3C Recommendation REC-html5-20141028, October
+ 2014, <http://www.w3.org/TR/2014/REC-html5-20141028/>.
+
+ [RFC3749] Hollenbeck, S., "Transport Layer Security Protocol
+ Compression Methods", RFC 3749, DOI 10.17487/RFC3749,
+ May 2004, <http://www.rfc-editor.org/info/rfc3749>.
+
+ [RFC4492] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and
+ B. Moeller, "Elliptic Curve Cryptography (ECC) Cipher
+ Suites for Transport Layer Security (TLS)", RFC 4492,
+ DOI 10.17487/RFC4492, May 2006,
+ <http://www.rfc-editor.org/info/rfc4492>.
+
+ [RFC6585] Nottingham, M. and R. Fielding, "Additional HTTP Status
+ Codes", RFC 6585, DOI 10.17487/RFC6585, April 2012,
+ <http://www.rfc-editor.org/info/rfc6585>.
+
+ [RFC7323] Borman, D., Braden, B., Jacobson, V., and R.
+ Scheffenegger, Ed., "TCP Extensions for High
+ Performance", RFC 7323, DOI 10.17487/RFC7323, September
+ 2014, <http://www.rfc-editor.org/info/rfc7323>.
+
+ [TALKING] Huang, L., Chen, E., Barth, A., Rescorla, E., and C.
+ Jackson, "Talking to Yourself for Fun and Profit",
+ 2011, <http://w2spconf.com/2011/papers/websocket.pdf>.
+
+
+
+Belshe, et al. Standards Track [Page 81]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ [TLSBCP] Sheffer, Y., Holz, R., and P. Saint-Andre,
+ "Recommendations for Secure Use of Transport Layer
+ Security (TLS) and Datagram Transport Layer Security
+ (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
+ 2015, <http://www.rfc-editor.org/info/rfc7525>.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 82]
+
+RFC 7540 HTTP/2 May 2015
+
+
+Appendix A. TLS 1.2 Cipher Suite Black List
+
+ An HTTP/2 implementation MAY treat the negotiation of any of the
+ following cipher suites with TLS 1.2 as a connection error
+ (Section 5.4.1) of type INADEQUATE_SECURITY:
+
+ o TLS_NULL_WITH_NULL_NULL
+
+ o TLS_RSA_WITH_NULL_MD5
+
+ o TLS_RSA_WITH_NULL_SHA
+
+ o TLS_RSA_EXPORT_WITH_RC4_40_MD5
+
+ o TLS_RSA_WITH_RC4_128_MD5
+
+ o TLS_RSA_WITH_RC4_128_SHA
+
+ o TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
+
+ o TLS_RSA_WITH_IDEA_CBC_SHA
+
+ o TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
+
+ o TLS_RSA_WITH_DES_CBC_SHA
+
+ o TLS_RSA_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
+
+ o TLS_DH_DSS_WITH_DES_CBC_SHA
+
+ o TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
+
+ o TLS_DH_RSA_WITH_DES_CBC_SHA
+
+ o TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
+
+ o TLS_DHE_DSS_WITH_DES_CBC_SHA
+
+ o TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
+
+
+
+
+Belshe, et al. Standards Track [Page 83]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ o TLS_DHE_RSA_WITH_DES_CBC_SHA
+
+ o TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
+
+ o TLS_DH_anon_WITH_RC4_128_MD5
+
+ o TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
+
+ o TLS_DH_anon_WITH_DES_CBC_SHA
+
+ o TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_KRB5_WITH_DES_CBC_SHA
+
+ o TLS_KRB5_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_KRB5_WITH_RC4_128_SHA
+
+ o TLS_KRB5_WITH_IDEA_CBC_SHA
+
+ o TLS_KRB5_WITH_DES_CBC_MD5
+
+ o TLS_KRB5_WITH_3DES_EDE_CBC_MD5
+
+ o TLS_KRB5_WITH_RC4_128_MD5
+
+ o TLS_KRB5_WITH_IDEA_CBC_MD5
+
+ o TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
+
+ o TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA
+
+ o TLS_KRB5_EXPORT_WITH_RC4_40_SHA
+
+ o TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
+
+ o TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5
+
+ o TLS_KRB5_EXPORT_WITH_RC4_40_MD5
+
+ o TLS_PSK_WITH_NULL_SHA
+
+ o TLS_DHE_PSK_WITH_NULL_SHA
+
+ o TLS_RSA_PSK_WITH_NULL_SHA
+
+
+
+
+Belshe, et al. Standards Track [Page 84]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ o TLS_RSA_WITH_AES_128_CBC_SHA
+
+ o TLS_DH_DSS_WITH_AES_128_CBC_SHA
+
+ o TLS_DH_RSA_WITH_AES_128_CBC_SHA
+
+ o TLS_DHE_DSS_WITH_AES_128_CBC_SHA
+
+ o TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+
+ o TLS_DH_anon_WITH_AES_128_CBC_SHA
+
+ o TLS_RSA_WITH_AES_256_CBC_SHA
+
+ o TLS_DH_DSS_WITH_AES_256_CBC_SHA
+
+ o TLS_DH_RSA_WITH_AES_256_CBC_SHA
+
+ o TLS_DHE_DSS_WITH_AES_256_CBC_SHA
+
+ o TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+
+ o TLS_DH_anon_WITH_AES_256_CBC_SHA
+
+ o TLS_RSA_WITH_NULL_SHA256
+
+ o TLS_RSA_WITH_AES_128_CBC_SHA256
+
+ o TLS_RSA_WITH_AES_256_CBC_SHA256
+
+ o TLS_DH_DSS_WITH_AES_128_CBC_SHA256
+
+ o TLS_DH_RSA_WITH_AES_128_CBC_SHA256
+
+ o TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
+
+ o TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+
+ o TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
+
+ o TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
+
+ o TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
+
+ o TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+
+ o TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
+
+
+
+
+Belshe, et al. Standards Track [Page 85]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ o TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+
+ o TLS_DH_DSS_WITH_AES_256_CBC_SHA256
+
+ o TLS_DH_RSA_WITH_AES_256_CBC_SHA256
+
+ o TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
+
+ o TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+
+ o TLS_DH_anon_WITH_AES_128_CBC_SHA256
+
+ o TLS_DH_anon_WITH_AES_256_CBC_SHA256
+
+ o TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+
+ o TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
+
+ o TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
+
+ o TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
+
+ o TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+
+ o TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
+
+ o TLS_PSK_WITH_RC4_128_SHA
+
+ o TLS_PSK_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_PSK_WITH_AES_128_CBC_SHA
+
+ o TLS_PSK_WITH_AES_256_CBC_SHA
+
+ o TLS_DHE_PSK_WITH_RC4_128_SHA
+
+ o TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+
+ o TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+
+ o TLS_RSA_PSK_WITH_RC4_128_SHA
+
+ o TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+
+
+
+
+Belshe, et al. Standards Track [Page 86]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ o TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+
+ o TLS_RSA_WITH_SEED_CBC_SHA
+
+ o TLS_DH_DSS_WITH_SEED_CBC_SHA
+
+ o TLS_DH_RSA_WITH_SEED_CBC_SHA
+
+ o TLS_DHE_DSS_WITH_SEED_CBC_SHA
+
+ o TLS_DHE_RSA_WITH_SEED_CBC_SHA
+
+ o TLS_DH_anon_WITH_SEED_CBC_SHA
+
+ o TLS_RSA_WITH_AES_128_GCM_SHA256
+
+ o TLS_RSA_WITH_AES_256_GCM_SHA384
+
+ o TLS_DH_RSA_WITH_AES_128_GCM_SHA256
+
+ o TLS_DH_RSA_WITH_AES_256_GCM_SHA384
+
+ o TLS_DH_DSS_WITH_AES_128_GCM_SHA256
+
+ o TLS_DH_DSS_WITH_AES_256_GCM_SHA384
+
+ o TLS_DH_anon_WITH_AES_128_GCM_SHA256
+
+ o TLS_DH_anon_WITH_AES_256_GCM_SHA384
+
+ o TLS_PSK_WITH_AES_128_GCM_SHA256
+
+ o TLS_PSK_WITH_AES_256_GCM_SHA384
+
+ o TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+
+ o TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+
+ o TLS_PSK_WITH_AES_128_CBC_SHA256
+
+ o TLS_PSK_WITH_AES_256_CBC_SHA384
+
+ o TLS_PSK_WITH_NULL_SHA256
+
+ o TLS_PSK_WITH_NULL_SHA384
+
+ o TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+
+
+
+
+Belshe, et al. Standards Track [Page 87]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ o TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+
+ o TLS_DHE_PSK_WITH_NULL_SHA256
+
+ o TLS_DHE_PSK_WITH_NULL_SHA384
+
+ o TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+
+ o TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+
+ o TLS_RSA_PSK_WITH_NULL_SHA256
+
+ o TLS_RSA_PSK_WITH_NULL_SHA384
+
+ o TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+
+ o TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256
+
+ o TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+
+ o TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
+
+ o TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+
+ o TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256
+
+ o TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+
+ o TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256
+
+ o TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256
+
+ o TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
+
+ o TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+
+ o TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
+
+ o TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+
+ o TLS_ECDH_ECDSA_WITH_NULL_SHA
+
+ o TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+
+ o TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+
+
+
+
+Belshe, et al. Standards Track [Page 88]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ o TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+
+ o TLS_ECDHE_ECDSA_WITH_NULL_SHA
+
+ o TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+
+ o TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+
+ o TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+
+ o TLS_ECDH_RSA_WITH_NULL_SHA
+
+ o TLS_ECDH_RSA_WITH_RC4_128_SHA
+
+ o TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+
+ o TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+
+ o TLS_ECDHE_RSA_WITH_NULL_SHA
+
+ o TLS_ECDHE_RSA_WITH_RC4_128_SHA
+
+ o TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+
+ o TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+ o TLS_ECDH_anon_WITH_NULL_SHA
+
+ o TLS_ECDH_anon_WITH_RC4_128_SHA
+
+ o TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_ECDH_anon_WITH_AES_128_CBC_SHA
+
+ o TLS_ECDH_anon_WITH_AES_256_CBC_SHA
+
+ o TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
+
+
+
+
+Belshe, et al. Standards Track [Page 89]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ o TLS_SRP_SHA_WITH_AES_128_CBC_SHA
+
+ o TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
+
+ o TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
+
+ o TLS_SRP_SHA_WITH_AES_256_CBC_SHA
+
+ o TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
+
+ o TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
+
+ o TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+
+ o TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+
+ o TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+
+ o TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+
+ o TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+
+ o TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+
+ o TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+
+ o TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+
+ o TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+
+ o TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+
+ o TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+
+ o TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+
+ o TLS_ECDHE_PSK_WITH_RC4_128_SHA
+
+ o TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+
+ o TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+
+ o TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+
+ o TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+
+ o TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+
+
+
+
+Belshe, et al. Standards Track [Page 90]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ o TLS_ECDHE_PSK_WITH_NULL_SHA
+
+ o TLS_ECDHE_PSK_WITH_NULL_SHA256
+
+ o TLS_ECDHE_PSK_WITH_NULL_SHA384
+
+ o TLS_RSA_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_RSA_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_DH_anon_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_DH_anon_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_RSA_WITH_ARIA_128_GCM_SHA256
+
+
+
+
+Belshe, et al. Standards Track [Page 91]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ o TLS_RSA_WITH_ARIA_256_GCM_SHA384
+
+ o TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256
+
+ o TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384
+
+ o TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256
+
+ o TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384
+
+ o TLS_DH_anon_WITH_ARIA_128_GCM_SHA256
+
+ o TLS_DH_anon_WITH_ARIA_256_GCM_SHA384
+
+ o TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
+
+ o TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
+
+ o TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
+
+ o TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
+
+ o TLS_PSK_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_PSK_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_PSK_WITH_ARIA_128_GCM_SHA256
+
+ o TLS_PSK_WITH_ARIA_256_GCM_SHA384
+
+ o TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
+
+ o TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
+
+ o TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
+
+ o TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
+
+ o TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+
+
+
+
+Belshe, et al. Standards Track [Page 92]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ o TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+
+ o TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+
+ o TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+
+ o TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+
+ o TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+
+ o TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+
+ o TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+
+ o TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+
+ o TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+
+ o TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+
+ o TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+
+ o TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256
+
+ o TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384
+
+ o TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
+
+ o TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
+
+ o TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+
+ o TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+
+ o TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+
+ o TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+
+ o TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+
+ o TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+
+ o TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+
+ o TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+
+ o TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+
+
+
+
+Belshe, et al. Standards Track [Page 93]
+
+RFC 7540 HTTP/2 May 2015
+
+
+ o TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+
+ o TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+
+ o TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+
+ o TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+
+ o TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+
+ o TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+
+ o TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+
+ o TLS_RSA_WITH_AES_128_CCM
+
+ o TLS_RSA_WITH_AES_256_CCM
+
+ o TLS_RSA_WITH_AES_128_CCM_8
+
+ o TLS_RSA_WITH_AES_256_CCM_8
+
+ o TLS_PSK_WITH_AES_128_CCM
+
+ o TLS_PSK_WITH_AES_256_CCM
+
+ o TLS_PSK_WITH_AES_128_CCM_8
+
+ o TLS_PSK_WITH_AES_256_CCM_8
+
+ Note: This list was assembled from the set of registered TLS
+ cipher suites at the time of writing. This list includes those
+ cipher suites that do not offer an ephemeral key exchange and
+ those that are based on the TLS null, stream, or block cipher type
+ (as defined in Section 6.2.3 of [TLS12]). Additional cipher
+ suites with these properties could be defined; these would not be
+ explicitly prohibited.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 94]
+
+RFC 7540 HTTP/2 May 2015
+
+
+Acknowledgements
+
+ This document includes substantial input from the following
+ individuals:
+
+ o Adam Langley, Wan-Teh Chang, Jim Morrison, Mark Nottingham, Alyssa
+ Wilk, Costin Manolache, William Chan, Vitaliy Lvin, Joe Chan, Adam
+ Barth, Ryan Hamilton, Gavin Peters, Kent Alstad, Kevin Lindsay,
+ Paul Amer, Fan Yang, and Jonathan Leighton (SPDY contributors).
+
+ o Gabriel Montenegro and Willy Tarreau (Upgrade mechanism).
+
+ o William Chan, Salvatore Loreto, Osama Mazahir, Gabriel Montenegro,
+ Jitu Padhye, Roberto Peon, and Rob Trace (Flow control).
+
+ o Mike Bishop (Extensibility).
+
+ o Mark Nottingham, Julian Reschke, James Snell, Jeff Pinner, Mike
+ Bishop, and Herve Ruellan (Substantial editorial contributions).
+
+ o Kari Hurtta, Tatsuhiro Tsujikawa, Greg Wilkins, Poul-Henning Kamp,
+ and Jonathan Thackray.
+
+ o Alexey Melnikov, who was an editor of this document in 2013.
+
+ A substantial proportion of Martin's contribution was supported by
+ Microsoft during his employment there.
+
+ The Japanese HTTP/2 community provided invaluable contributions,
+ including a number of implementations as well as numerous technical
+ and editorial contributions.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 95]
+
+RFC 7540 HTTP/2 May 2015
+
+
+Authors' Addresses
+
+ Mike Belshe
+ BitGo
+
+ EMail: mike@belshe.com
+
+
+ Roberto Peon
+ Google, Inc
+
+ EMail: fenix@google.com
+
+
+ Martin Thomson (editor)
+ Mozilla
+ 331 E Evelyn Street
+ Mountain View, CA 94041
+ United States
+
+ EMail: martin.thomson@gmail.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Belshe, et al. Standards Track [Page 96]
+