RFC 7540 – HTTP/2 protocol, (Mon, Jun 15th)

RFC 7540 has been out for a month now. What should we expect with this new version?

1. New frame: HTTP/2 implements a binary protocol with the following frame structure:

  • Length: The length of the frame payload expressed as an unsigned 24-bit integer. Values greater than 2^14 must not be sent unless the receiver has set a larger value for SETTINGS_MAX_FRAME_SIZE parameter.
  • Type: The 8-bit type of the frame. The frame type determines the format and semantics of the frame.
      • RST_STREAM: Type 0x3, allows for immediate termination of a stream.
      • Settings: Type 0x4, used to transmit configuration parameters that affect how endpoints communicate, such as preferences and constraints on peer behavior.
      • GOAWAY: Type 0x7, used to initiate shutdown of a connection or to signal serious error conditions.
      • Continuation: Type 0x9, used to continue a sequence of header block fragments.
  • Stream Identifier: A stream identifier expressed as an unsigned 31-bit integer. The value 0x0 is reserved for frames that are associated with the connection as a whole as opposed to an individual stream.
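
An added example (not part of the original diary): a Python parser for the fixed 9-octet frame header that enforces the length limit and stream-identifier rules listed above. The 8-bit Flags field and the reserved bit ahead of the stream identifier come from RFC 7540's header layout rather than from the list above; the function and constant names are illustrative, and the sample headers are constructed.

```python
import struct

DEFAULT_MAX_FRAME_SIZE = 2 ** 14  # limit until the peer raises SETTINGS_MAX_FRAME_SIZE
# Only the frame types named in the list above; other types are reported by number.
FRAME_TYPES = {0x3: "RST_STREAM", 0x4: "SETTINGS", 0x7: "GOAWAY", 0x9: "CONTINUATION"}
CONNECTION_ONLY = {0x4, 0x7}  # RFC 7540: sent on stream 0x0 only
STREAM_ONLY = {0x3, 0x9}      # RFC 7540: never sent on stream 0x0


class FrameError(ValueError):
    """Header violates a rule; the message starts with the RFC 7540 error code."""


def parse_frame_header(data, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Parse and validate the fixed 9-octet header at the start of `data`."""
    if len(data) < 9:
        raise FrameError(f"need 9 octets for a frame header, got {len(data)}")
    hi, lo, ftype, flags, raw_id = struct.unpack("!BHBBI", data[:9])
    length = (hi << 16) | lo         # unsigned 24-bit payload length
    stream_id = raw_id & 0x7FFFFFFF  # drop the reserved high bit, keep 31 bits
    if length > max_frame_size:
        raise FrameError(f"FRAME_SIZE_ERROR: {length} > {max_frame_size}")
    if ftype in CONNECTION_ONLY and stream_id != 0:
        raise FrameError(f"PROTOCOL_ERROR: type {ftype:#x} on stream {stream_id}")
    if ftype in STREAM_ONLY and stream_id == 0:
        raise FrameError(f"PROTOCOL_ERROR: type {ftype:#x} on stream 0x0")
    if ftype == 0x3 and length != 4:  # RST_STREAM carries one 32-bit error code
        raise FrameError("FRAME_SIZE_ERROR: RST_STREAM payload must be 4 octets")
    if ftype == 0x4 and length % 6:   # SETTINGS entries are 6 octets each
        raise FrameError("FRAME_SIZE_ERROR: SETTINGS payload not a multiple of 6")
    return {"length": length, "type": FRAME_TYPES.get(ftype, hex(ftype)),
            "flags": flags, "stream_id": stream_id}


if __name__ == "__main__":
    # Constructed sample headers (not captured traffic).
    samples = {
        "RST_STREAM, stream 1": "000004030000000001",
        "SETTINGS on stream 1": "000000040000000001",
        "16385-octet frame": "004001000000000001",
    }
    for label, hexbytes in samples.items():
        try:
            print(label, "->", parse_frame_header(bytes.fromhex(hexbytes)))
        except FrameError as exc:
            print(label, "-> rejected:", exc)
```

Passing `max_frame_size` models a receiver that has advertised a larger SETTINGS_MAX_FRAME_SIZE; without it, any header announcing more than 2^14 octets is rejected before the payload is read.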

2. Security:

  • Implementations of HTTP/2 MUST use TLS version 1.2 or higher for HTTP/2 over TLS. The general TLS usage guidance in RFC 7525 should be followed.
  • The TLS implementation MUST support the Server Name Indication (SNI) extension to TLS.

Safari supports HTTP/2 in version 8.1, but only for OS X v10.11 and iOS 9.

Manuel Humberto Santander Peláez
SANS Internet Storm Center – Handler
Twitter: @manuelsantander
Web: http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
