nghttp2.org

HTTP/2 C library and tools

Nghttp2 v1.15.0

We released nghttp2 v1.15.0. We summarizes the changes below.

libnghttp2

Previously, the maximum size of dynamic header table size used by HPACK encoder was limited to 4KiB regardless of SETTINGS_HEADER_TABLE_SIZE sent by peer. In this release, we added nghttp2_option_set_max_deflate_dynamic_table_size() to change the maximum value of encoder’s maximum dynamic header table size. With this option, nghttp2 based client/server can experiment the larger or smaller dynamic table size.

Previously, we could not return successfully from nghttp2_data_source_read_callback without reading anything or NGHTTP2_ERR_DEFERRED return value. The latter requires nghttp2_session_resume_data(), and is not a good workaround. In this release, application can now return NGHTTP2_ERR_CANCEL from nghttp2_data_source_read_callback without reading anything, and it signals the libnghttp2 to return to the application code immediately.

To offer the opportunity to implement https://tools.ietf.org/html/draft-benfield-http2-debug-state-01 to the nghttp2 based servers, we added API functions to export internal HTTP/2 state data from nghttp2_session object. In this release, we export the data marked as “required” in the draft. Here is the list of the added functions:

  • nghttp2_session_get_hd_deflate_dynamic_table_size() which returns the dynamic table size of HPACK encoder

  • nghttp2_session_get_hd_inflate_dynamic_table_size() which returns the dynamic table size of HPACK decoder

  • nghttp2_session_get_local_settings() which returns local HTTP/2 SETTINGS in effect; this is the SETTINGS sent from the local endpoint to the remote one

  • nghttp2_session_get_local_window_size() which returns the connection window size

  • nghttp2_session_get_stream_local_window_size() which returns the stream window size for given stream

Third-Party

We have updated neverbleed, and it now supports ECDSA certificate.

src

Now applications under src directory compiles with OpenSSL 1.1.0.

nghttpx

To utilize the new feature to change HPACK encoder’s dynamic table size described above, we added new options to achieve this. The new options are:

  • --frontend-http2-encoder-dynamic-table-size
  • --frontend-http2-decoder-dynamic-table-size
  • --backend-http2-encoder-dynamic-table-size
  • --backend-http2-decoder-dynamic-table-size

These options default to 4KiB.

We have added tls_sni to mruby Nghttpx::Env class, which returns the server name sent in TLS SNI from client.

Previously, we have --frontend-http2-window-bits and its family options. They were not flexible because they only accept number of bits. Now they have been deprecated, and instead we have introduced --frontend-http2-window-size and its family options, which take the size in integer, rather than bits. The deprecated options still work, and are translated into the new options, but we encourage users to update configuration to use new options.

We have implemented TCP write buffer optimization presented by Kazuho’s slide. In short, this optimization limits the number of bytes to write to TCP socket based on the TCP CWND, and just write the bytes which can be sent in 1 RTT. This avoids excessive commitment of low prioritized data to the TCP socket, and implementation can quickly respond to the high prioritized data. This optimization is experimental, and enabled by --frontend-http2-optimize-write-buffer-size, and only works with HTTP/2 TLS connections. At the moment, only Linux is supported.

We also added HTTP/2 window size auto tuning optimization. It adjusts connection window size of frontend HTTP/2 connection based on RWIN. This is highly experimental, and may not work as expected. This feature is experimental, enabled by --frontend-http2-optimize-window-size, and only works with HTTP/2 TLS connections. At the moment, only Linux is supported. In the future release, we may drop the requirement of TLS for this optimization.

We added workaround for std::make_shared bug in Xcode7, 7.1, and 7.2 to prevent nghttpx from crashing.

We fixed the bug that bytes are doubly counted towards rate limit for TLS connections.

Previously, with default mode, server header field was rewritten to “nghttpx” and its version. Now --no-server-rewrite option disables this, and just forwards the server header field from the backend. We have added --server-name option to specify the server header field value. If both options are present, --no-server-rewrite takes precedence.

Previously, we ignored invalid header field coming from HTTP/2. Now they are treated as stream error.

nghttp and nghttpd

We have added --encoder-header-table-size option to specify the HPACK encoder’s maximum dynamic header table size.

Python

We have added ALPN support, and now requires at least Python 3.5.