The major changes are:
- Simplified padding (Pad High field was removed)
- No padding for CONTINUATION frame.
- ALTSVC and BLOCKED frame was moved to extension. The current nghttp2 source code contains ALTSVC and BLOCKED as extension based on draft-12. But their specification may change and they may be dropped from nghttp2 public API until their specifications are settled.
- Per-frame compression was removed.
- Huffman code table and static header table were updated.
The https endpoint for nghttp2.org now requires TLSv1.2 and DHE or EDCHE with GCM cipher suite for HTTP/2 connection. If HTTP/2 was negotiated and these requirements are not met, connection error will be issued with the error code INADEQUATE_SECURITY.