We released nghttp2 v1.3.0.
In this release, we added upper limit for the number of the streams
pushed from server and not yet opened for client side session.
Specifically, these streams are in “reserved (remote)” state as
RFC 7540, Section 5.1..
The thing is RFC 7540 does not say anything about the upper limit of
these streams. It says the number of maximum concurrent streams, but
it only applies to the opened streams, not applied to streams in
“reserved (remote)” state. From this release, nghttp2 library limits
the number of these streams less than or equal to 200 by default.
Applications can change this limit by using
nghttp2_option_set_max_reserved_remote_streams() function. Those
streams which exceed this limit will be automatically closed with
We added public APIs to expose dependency tree information. The
nghttp2 library handles HTTP/2 dependency priority just fine, but
there is a need to access to the dependency tree from applications.
One of the use case is to schedule stream handling in threads. In the
most of the cases, the number of available threads are smaller than
incoming streams. Applications can get the dependency information
from nghttp2 library, and schedule them in the order by the priority.
nghttp2_session_find_stream() function will return stream object
with the given stream ID. Applications can traverse dependency tree
from this object.
nghttp2_session_get_root_stream() will return the
stream object which is the root of whole dependency tree. See
nghttp2_stream_* functions to access the properties of stream
We rewrite priority tree handling. Now it is simpler and robust. We now use priority queue per stream, which contains the stream which has ready to send a frame, or one of its descendants have a frame to send. We maintain invariant that if a stream is queued, then its ancestors are also queued (except for root). When we re-schedule stream after transmission, we re-schedule all ancestors, so that streams on the other path can get a chance to send. The basic idea is the same with h2o’s scheduler, but there are differences in the details.
We found that openssl ocsp command exits withs status code 0 even if
ocsp query or validation was failed. We added extra code to
fetch-ocsp-response script to handle these situations.
Now nghttpx and nghttpd terminate HTTP/2 connection with GOAWAY of
INADEQUATE_SECURITY if one of black listed cipher suites
RFC 7540, Appendix A)
Tomasz Buchert improved handling of /dev/stdout and /dev/stderr for logging in nghttpx.
We added HEAD method support to nghttpd.
Lucas Pardue added Timing-script and base URI support to h2load. See #330 for more details.
Nora Shoemaker added timeout options to h2load. See #331 for more details.