RFC 7540 – Hypertext Transfer Protocol Version 2 �HTTP/2�
Internet Engineering Task Force (IETF) M. Belshe
Request for Comments: 7540 BitGo
Category: Standards Track R. Peon
ISSN: 2070-1721 Google, Inc
M. Thomson, Ed.
Mozilla
May 2015
Hypertext Transfer Protocol Version 2 (HTTP/2)
Abstract
This specification describes an optimized expression of the semantics
of the Hypertext Transfer Protocol (HTTP), referred to as HTTP
version 2 (HTTP/2). HTTP/2 enables a more efficient use of network
resources and a reduced perception of latency by introducing header
field compression and allowing multiple concurrent exchanges on the
same connection. It also introduces unsolicited push of
representations from servers to clients.
This specification is an alternative to, but does not obsolete, the
HTTP/1.1 message syntax. HTTP’s existing semantics remain unchanged.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7540.
Belshe, et al. Standards Track [Page 1]
https://tools.ietf.org/pdf/rfc5741#section-2
http://www.rfc-editor.org/info/rfc7540
RFC 7540 HTTP/2 May 2015
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust’s Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction …………………………………………….4
2. HTTP/2 Protocol Overview ………………………………….5
2.1. Document Organization ………………………………..6
2.2. Conventions and Terminology …………………………..6
3. Starting HTTP/2 ………………………………………….7
3.1. HTTP/2 Version Identification …………………………8
3.2. Starting HTTP/2 for “http” URIs ……………………….8
3.2.1. HTTP2-Settings Header Field …………………….9
3.3. Starting HTTP/2 for “https” URIs ……………………..10
3.4. Starting HTTP/2 with Prior Knowledge ………………….10
3.5. HTTP/2 Connection Preface ……………………………11
4. HTTP Frames …………………………………………….12
4.1. Frame Format ……………………………………….12
4.2. Frame Size …………………………………………13
4.3. Header Compression and Decompression ………………….14
5. Streams and Multiplexing …………………………………15
5.1. Stream States ………………………………………16
5.1.1. Stream Identifiers ……………………………21
5.1.2. Stream Concurrency ……………………………22
5.2. Flow Control ……………………………………….22
5.2.1. Flow-Control Principles ……………………….23
5.2.2. Appropriate Use of Flow Control ………………..24
5.3. Stream Priority …………………………………….24
5.3.1. Stream Dependencies …………………………..25
5.3.2. Dependency Weighting ………………………….26
5.3.3. Reprioritization ……………………………..26
5.3.4. Prioritization State Management ………………..27
5.3.5. Default Priorities ……………………………28
5.4. Error Handling ……………………………………..28
5.4.1. Connection Error Handling ……………………..29
5.4.2. Stream Error Handling …………………………29
Belshe, et al. Standards Track [Page 2]
https://tools.ietf.org/pdf/rfc7540
https://tools.ietf.org/pdf/bcp78
http://trustee.ietf.org/license-info
RFC 7540 HTTP/2 May 2015
5.4.3. Connection Termination ………………………..30
5.5. Extending HTTP/2 ……………………………………30
6. Frame Definitions ……………………………………….31
6.1. DATA ………………………………………………31
6.2. HEADERS ……………………………………………32
6.3. PRIORITY …………………………………………..34
6.4. RST_STREAM …………………………………………36
6.5. SETTINGS …………………………………………..36
6.5.1. SETTINGS Format ………………………………38
6.5.2. Defined SETTINGS Parameters ……………………38
6.5.3. Settings Synchronization ………………………39
6.6. PUSH_PROMISE ……………………………………….40
6.7. PING ………………………………………………42
6.8. GOAWAY …………………………………………….43
6.9. WINDOW_UPDATE ………………………………………46
6.9.1. The Flow-Control Window ……………………….47
6.9.2. Initial Flow-Control Window Size ……………….48
6.9.3. Reducing the Stream Window Size ………………..49
6.10. CONTINUATION ………………………………………49
7. Error Codes …………………………………………….50
8. HTTP Message Exchanges …………………………………..51
8.1. HTTP Request/Response Exchange ……………………….52
8.1.1. Upgrading from HTTP/2 …………………………53
8.1.2. HTTP Header Fields ……………………………53
8.1.3. Examples …………………………………….57
8.1.4. Request Reliability Mechanisms in HTTP/2 ………..60
8.2. Server Push ………………………………………..60
8.2.1. Push Requests ………………………………..61
8.2.2. Push Responses ……………………………….63
8.3. The CONNECT Method ………………………………….64
9. Additional HTTP Requirements/Considerations ………………..65
9.1. Connection Management ……………………………….65
9.1.1. Connection Reuse ……………………………..66
9.1.2. The 421 (Misdirected Request) Status Code ……….66
9.2. Use of TLS Features …………………………………67
9.2.1. TLS 1.2 Features ……………………………..67
9.2.2. TLS 1.2 Cipher Suites …………………………68
10. Security Considerations …………………………………69
10.1. Server Authority …………………………………..69
10.2. Cross-Protocol Attacks ……………………………..69
10.3. Intermediary Encapsulation Attacks …………………..70
10.4. Cacheability of Pushed Responses …………………….70
10.5. Denial-of-Service Considerations …………………….70
10.5.1. Limits on Header Block Size …………………..71
10.5.2. CONNECT Issues ………………………………72
10.6. Use of Compression …………………………………72
10.7. Use of Padding …………………………………….73
10.8. Privacy Considerations ……………………………..73
Belshe, et al. Standards Track [Page 3]
https://tools.ietf.org/pdf/rfc7540
RFC 7540 HTTP/2 May 2015
11. IANA Considerations …………………………………….74
11.1. Registration of HTTP/2 Identification Strings …………74
11.2. Frame Type Registry ………………………………..75
11.3. Settings Registry ………………………………….75
11.4. Error Code Registry ………………………………..76
11.5. HTTP2-Settings Header Field Registration ……………..77
11.6. PRI Method Registration …………………………….78
11.7. The 421 (Misdirected Request) HTTP Status Code ………..78
11.8. The h2c Upgrade Token ………………………………78
12. References …………………………………………….79
12.1. Normative References ……………………………….79
12.2. Informative References ……………………………..81
Appendix A. TLS 1.2 Cipher Suite Black List …………………..83
Acknowledgements ……………………………………..