RFC 7540 has been out for a month now. What should we expect with this new version?
1. New frame: HTTP/2 implements a binary protocol with the following frame structure:
.png)
- Length: The length of the frame payload expressed as an unsigned 24-bit integer. Values greater than 2^14 must not be sent unless the receiver has set a larger value for SETTINGS_MAX_FRAME_SIZE parameter.
- Type: The 8-bit type of the frame. It determines the format and semantics of the frame.">Length: The length of the frame payload expressed as an unsigned 24 bit integer. Values greater than 2^14 must not be sent unless the receiver has set a larger value for">Type: The 8-bit type of the frame. The frame type determines the format and semantics of the frame.">RST_STREAM: Type 0x3, allows for immediate termination of a stream.">Settings: Type 0x4, used to transmit configuration parameters that affect how endpoints communicate, such as preferences and constraints on peer behavior.">GOAWAY: 0x7, used to initiate shutdown of a connection or to signal serious error conditions.">Continuation: type=0x9, used to continue a sequence of header block fragments.">Stream Identifier: A stream identifier expressed as an unsigned 31-bit integer. The value 0x0 is reserved for frames that are associated with the connection as a whole as opposed to an individual stream.
2. Security:
- Implementations of HTTP/2 MUST use TLS version 1.2 or higher for HTTP/2 over TLS. The general TLS usage guidance in RFC 7525 should be followed.
- The TLS implementation MUST support the Server Name Indication (SNI) extension to TLS.">Safari supports HTTP/2 in version 8.1, but only for OS X v10.11 and iOS 9.
Manuel Humberto Santander Pelez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org