1 nghttp2 - HTTP/2 C Library
2 ==========================
4 This is an implementation of the Hypertext Transfer Protocol version 2
7 The framing layer of HTTP/2 is implemented as a reusable C library.
8 On top of that, we have implemented an HTTP/2 client, server and
9 proxy. We have also developed load test and benchmarking tools for
12 An HPACK encoder and decoder are available as a public API.
14 An experimental high level C++ library is also available.
16 We have Python bindings of this library, but we do not have full
22 We have implemented `RFC 7540 <https://tools.ietf.org/html/rfc7540>`_
23 HTTP/2 and `RFC 7541 <https://tools.ietf.org/html/rfc7541>`_ HPACK -
24 Header Compression for HTTP/2
26 The nghttp2 code base was forked from the spdylay
27 (https://github.com/tatsuhiro-t/spdylay) project.
32 The following endpoints are available to try out our nghttp2
35 * https://nghttp2.org/ (TLS + ALPN/NPN and HTTP/3)
37 This endpoint supports ``h2``, ``h2-16``, ``h2-14``, and
38 ``http/1.1`` via ALPN/NPN and requires TLSv1.2 for HTTP/2
41 It also supports HTTP/3.
43 * http://nghttp2.org/ (HTTP Upgrade and HTTP/2 Direct)
45 ``h2c`` and ``http/1.1``.
50 The following package is required to build the libnghttp2 library:
54 To build and run the unit test programs, the following package is
59 To build the documentation, you need to install:
61 * sphinx (http://sphinx-doc.org/)
63 If you need libnghttp2 (C library) only, then the above packages are
64 all you need. Use ``--enable-lib-only`` to ensure that only
65 libnghttp2 is built. This avoids potential build error related to
66 building bundled applications.
68 To build and run the application programs (``nghttp``, ``nghttpd``,
69 ``nghttpx`` and ``h2load``) in the ``src`` directory, the following packages
77 ALPN support requires OpenSSL >= 1.0.2 (released 22 January 2015).
78 LibreSSL >= 2.2.0 can be used instead of OpenSSL, but OpenSSL has more
79 features than LibreSSL at the time of this writing.
81 To enable ``-a`` option (getting linked assets from the downloaded
82 resource) in ``nghttp``, the following package is required:
86 To enable systemd support in nghttpx, the following package is
89 * libsystemd-dev >= 209
91 The HPACK tools require the following package:
95 To build sources under the examples directory, libevent is required:
97 * libevent-openssl >= 2.0.8
99 To mitigate heap fragmentation in long running server programs
100 (``nghttpd`` and ``nghttpx``), jemalloc is recommended:
106 Alpine Linux currently does not support malloc replacement
107 due to musl limitations. See details in issue `#762 <https://github.com/nghttp2/nghttp2/issues/762>`_.
109 libnghttp2_asio C++ library requires the following packages:
111 * libboost-dev >= 1.54.0
112 * libboost-thread-dev >= 1.54.0
114 The Python bindings require the following packages:
120 If you are using Ubuntu 16.04 LTS (Xenial Xerus) or Debian 8 (jessie)
121 and above, run the following to install the required packages:
125 sudo apt-get install g++ make binutils autoconf automake autotools-dev libtool pkg-config \
126 zlib1g-dev libcunit1-dev libssl-dev libxml2-dev libev-dev libevent-dev libjansson-dev \
127 libc-ares-dev libjemalloc-dev libsystemd-dev \
128 cython python3-dev python-setuptools
130 To enable mruby support for nghttpx, `mruby
131 <https://github.com/mruby/mruby>`_ is required. We need to build
132 mruby with C++ ABI explicitly turned on, and probably need other
133 mrgems, mruby is manged by git submodule under third-party/mruby
134 directory. Currently, mruby support for nghttpx is disabled by
135 default. To enable mruby support, use ``--with-mruby`` configure
136 option. Note that at the time of this writing, libmruby-dev and mruby
137 packages in Debian/Ubuntu are not usable for nghttp2, since they do
138 not enable C++ ABI. To build mruby, the following packages are
144 nghttpx supports `neverbleed <https://github.com/h2o/neverbleed>`_,
145 privilege separation engine for OpenSSL / LibreSSL. In short, it
146 minimizes the risk of private key leakage when serious bug like
147 Heartbleed is exploited. The neverbleed is disabled by default. To
148 enable it, use ``--with-neverbleed`` configure option.
150 To enable the experimental HTTP/3 support for h2load and nghttpx, the
151 following libraries are required:
153 * `OpenSSL with QUIC support
154 <https://github.com/quictls/openssl/tree/OpenSSL_1_1_1k+quic>`_; or
155 `BoringSSL <https://boringssl.googlesource.com/boringssl/>`_ (commit
156 f6ef1c560ae5af51e2df5d8d2175bed207b28b8f)
157 * `ngtcp2 <https://github.com/ngtcp2/ngtcp2>`_
158 * `nghttp3 <https://github.com/ngtcp2/nghttp3>`_
160 Use ``--enable-http3`` configure option to enable HTTP/3 feature for
163 In order to build optional eBPF program to direct an incoming QUIC UDP
164 datagram to a correct socket for nghttpx, the following libraries are
167 * libbpf-dev >= 0.4.0
169 Use ``--with-libbpf`` configure option to build eBPF program.
170 libelf-dev is needed to build libbpf.
172 For Ubuntu 20.04, you can build libbpf from `the source code
173 <https://github.com/libbpf/libbpf/releases/tag/v0.4.0>`_. nghttpx
174 requires eBPF program for reloading its configuration and hot swapping
177 Compiling libnghttp2 C source code requires a C99 compiler. gcc 4.8
178 is known to be adequate. In order to compile the C++ source code, gcc
179 >= 6.0 or clang >= 6.0 is required. C++ source code requires C++14
184 To enable mruby support in nghttpx, and use ``--with-mruby``
189 Mac OS X users may need the ``--disable-threads`` configure option to
190 disable multi-threading in nghttpd, nghttpx and h2load to prevent
191 them from crashing. A patch is welcome to make multi threading work
192 on Mac OS X platform.
196 To compile the associated applications (nghttp, nghttpd, nghttpx
197 and h2load), you must use the ``--enable-app`` configure option and
198 ensure that the specified requirements above are met. Normally,
199 configure script checks required dependencies to build these
200 applications, and enable ``--enable-app`` automatically, so you
201 don't have to use it explicitly. But if you found that
202 applications were not built, then using ``--enable-app`` may find
203 that cause, such as the missing dependency.
207 In order to detect third party libraries, pkg-config is used
208 (however we don't use pkg-config for some libraries (e.g., libev)).
209 By default, pkg-config searches ``*.pc`` file in the standard
210 locations (e.g., /usr/lib/pkgconfig). If it is necessary to use
211 ``*.pc`` file in the custom location, specify paths to
212 ``PKG_CONFIG_PATH`` environment variable, and pass it to configure
217 $ ./configure PKG_CONFIG_PATH=/path/to/pkgconfig
219 For pkg-config managed libraries, ``*_CFLAG`` and ``*_LIBS``
220 environment variables are defined (e.g., ``OPENSSL_CFLAGS``,
221 ``OPENSSL_LIBS``). Specifying non-empty string to these variables
222 completely overrides pkg-config. In other words, if they are
223 specified, pkg-config is not used for detection, and user is
224 responsible to specify the correct values to these variables. For
225 complete list of these variables, run ``./configure -h``.
227 Building nghttp2 from release tar archive
228 -----------------------------------------
230 The nghttp2 project regularly releases tar archives which includes
231 nghttp2 source code, and generated build files. They can be
232 downloaded from `Releases
233 <https://github.com/nghttp2/nghttp2/releases>`_ page.
235 Building nghttp2 from git requires autotools development packages.
236 Building from tar archives does not require them, and thus it is much
237 easier. The usual build step is as follows:
241 $ tar xf nghttp2-X.Y.Z.tar.bz2
249 Building from git is easy, but please be sure that at least autoconf 2.68 is
254 $ git submodule update --init
261 Notes for building on Windows (MSVC)
262 ------------------------------------
264 The easiest way to build native Windows nghttp2 dll is use `cmake
265 <https://cmake.org/>`_. The free version of `Visual C++ Build Tools
266 <http://landinghub.visualstudio.com/visual-cpp-build-tools>`_ works
269 1. Install cmake for windows
270 2. Open "Visual C++ ... Native Build Tool Command Prompt", and inside
271 nghttp2 directly, run ``cmake``.
272 3. Then run ``cmake --build`` to build library.
273 4. nghttp2.dll, nghttp2.lib, nghttp2.exp are placed under lib directory.
275 Note that the above steps most likely produce nghttp2 library only.
276 No bundled applications are compiled.
278 Notes for building on Windows (Mingw/Cygwin)
279 --------------------------------------------
281 Under Mingw environment, you can only compile the library, it's
282 ``libnghttp2-X.dll`` and ``libnghttp2.a``.
284 If you want to compile the applications(``h2load``, ``nghttp``,
285 ``nghttpx``, ``nghttpd``), you need to use the Cygwin environment.
287 Under Cygwin environment, to compile the applications you need to
288 compile and install the libev first.
290 Secondly, you need to undefine the macro ``__STRICT_ANSI__``, if you
291 not, the functions ``fdopen``, ``fileno`` and ``strptime`` will not
294 the sample command like this:
298 $ export CFLAGS="-U__STRICT_ANSI__ -I$libev_PREFIX/include -L$libev_PREFIX/lib"
299 $ export CXXFLAGS=$CFLAGS
303 If you want to compile the applications under ``examples/``, you need
304 to remove or rename the ``event.h`` from libev's installation, because
305 it conflicts with libevent's installation.
307 Notes for installation on Linux systems
308 --------------------------------------------
309 After installing nghttp2 tool suite with ``make install`` one might experience a similar error:
313 nghttpx: error while loading shared libraries: libnghttp2.so.14: cannot open shared object file: No such file or directory
315 This means that the tool is unable to locate the ``libnghttp2.so`` shared library.
317 To update the shared library cache run ``sudo ldconfig``.
319 Building the documentation
320 --------------------------
324 Documentation is still incomplete.
326 To build the documentation, run:
332 The documents will be generated under ``doc/manual/html/``.
334 The generated documents will not be installed with ``make install``.
336 The online documentation is available at
337 https://nghttp2.org/documentation/
339 Build HTTP/3 enabled h2load and nghttpx
340 ---------------------------------------
342 To build h2load and nghttpx with HTTP/3 feature enabled, run the
343 configure script with ``--enable-http3``.
345 For nghttpx to reload configurations and swapping its executable while
346 gracefully terminating old worker processes, eBPF is required. Run
347 the configure script with ``--enable-http3 --with-libbpf`` to build
348 eBPF program. The QUIC keying material must be set with
349 ``--frontend-quic-secret-file`` in order to keep the existing
350 connections alive during reload.
352 The detailed steps to build HTTP/3 enabled h2load and nghttpx follow.
354 Build custom OpenSSL:
358 $ git clone --depth 1 -b OpenSSL_1_1_1l+quic https://github.com/quictls/openssl
360 $ ./config --prefix=$PWD/build --openssldir=/etc/ssl
369 $ git clone --depth 1 https://github.com/ngtcp2/nghttp3
372 $ ./configure --prefix=$PWD/build --enable-lib-only
381 $ git clone --depth 1 https://github.com/ngtcp2/ngtcp2
384 $ ./configure --prefix=$PWD/build --enable-lib-only \
385 PKG_CONFIG_PATH="$PWD/../openssl/build/lib/pkgconfig"
390 If your Linux distribution does not have libbpf-dev >= 0.4.0, build
395 $ git clone --depth 1 -b v0.4.0 https://github.com/libbpf/libbpf
397 $ PREFIX=$PWD/build make -C src install
404 $ git clone https://github.com/nghttp2/nghttp2
406 $ git submodule update --init
408 $ ./configure --with-mruby --with-neverbleed --enable-http3 --with-libbpf \
409 --disable-python-bindings \
410 CC=clang-12 CXX=clang++-12 \
411 PKG_CONFIG_PATH="$PWD/../openssl/build/lib/pkgconfig:$PWD/../nghttp3/build/lib/pkgconfig:$PWD/../ngtcp2/build/lib/pkgconfig:$PWD/../libbpf/build/lib64/pkgconfig" \
412 LDFLAGS="$LDFLAGS -Wl,-rpath,$PWD/../openssl/build/lib -Wl,-rpath,$PWD/../libbpf/build/lib64"
415 The eBPF program ``reuseport_kern.o`` should be found under bpf
416 directory. Pass ``--quic-bpf-program-file=bpf/reuseport_kern.o``
417 option to nghttpx to load it. See also `HTTP/3 section in nghttpx -
418 HTTP/2 proxy - HOW-TO
419 <https://nghttp2.org/documentation/nghttpx-howto.html#http-3>`_.
424 Unit tests are done by simply running ``make check``.
429 We have the integration tests for the nghttpx proxy server. The tests are
430 written in the `Go programming language <http://golang.org/>`_ and uses
431 its testing framework. We depend on the following libraries:
433 * golang.org/x/net/http2
434 * golang.org/x/net/websocket
435 * https://github.com/tatsuhiro-t/go-nghttp2
437 Go modules will download these dependencies automatically.
439 To run the tests, run the following command under
440 ``integration-tests`` directory:
446 Inside the tests, we use port 3009 to run the test subject server.
448 Migration from v0.7.15 or earlier
449 ---------------------------------
451 nghttp2 v1.0.0 introduced several backward incompatible changes. In
452 this section, we describe these changes and how to migrate to v1.0.0.
454 ALPN protocol ID is now ``h2`` and ``h2c``
455 ++++++++++++++++++++++++++++++++++++++++++
457 Previously we announced ``h2-14`` and ``h2c-14``. v1.0.0 implements
458 final protocol version, and we changed ALPN ID to ``h2`` and ``h2c``.
459 The macros ``NGHTTP2_PROTO_VERSION_ID``,
460 ``NGHTTP2_PROTO_VERSION_ID_LEN``,
461 ``NGHTTP2_CLEARTEXT_PROTO_VERSION_ID``, and
462 ``NGHTTP2_CLEARTEXT_PROTO_VERSION_ID_LEN`` have been updated to
465 Basically, existing applications do not have to do anything, just
466 recompiling is enough for this change.
468 Use word "client magic" where we use "client connection preface"
469 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
471 We use "client connection preface" to mean first 24 bytes of client
472 connection preface. This is technically not correct, since client
473 connection preface is composed of 24 bytes client magic byte string
474 followed by SETTINGS frame. For clarification, we call "client magic"
475 for this 24 bytes byte string and updated API.
477 * ``NGHTTP2_CLIENT_CONNECTION_PREFACE`` was replaced with
478 ``NGHTTP2_CLIENT_MAGIC``.
479 * ``NGHTTP2_CLIENT_CONNECTION_PREFACE_LEN`` was replaced with
480 ``NGHTTP2_CLIENT_MAGIC_LEN``.
481 * ``NGHTTP2_BAD_PREFACE`` was renamed as ``NGHTTP2_BAD_CLIENT_MAGIC``
483 The already deprecated ``NGHTTP2_CLIENT_CONNECTION_HEADER`` and
484 ``NGHTTP2_CLIENT_CONNECTION_HEADER_LEN`` were removed.
486 If application uses these macros, just replace old ones with new ones.
487 Since v1.0.0, client magic is sent by library (see next subsection),
488 so client application may just remove these macro use.
490 Client magic is sent by library
491 +++++++++++++++++++++++++++++++
493 Previously nghttp2 library did not send client magic, which is first
494 24 bytes byte string of client connection preface, and client
495 applications have to send it by themselves. Since v1.0.0, client
496 magic is sent by library via first call of ``nghttp2_session_send()``
497 or ``nghttp2_session_mem_send()``.
499 The client applications which send client magic must remove the
502 Remove HTTP Alternative Services (Alt-Svc) related code
503 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
505 Alt-Svc specification is not finalized yet. To make our API stable,
506 we have decided to remove all Alt-Svc related API from nghttp2.
508 * ``NGHTTP2_EXT_ALTSVC`` was removed.
509 * ``nghttp2_ext_altsvc`` was removed.
511 We have already removed the functionality of Alt-Svc in v0.7 series
512 and they have been essentially noop. The application using these
513 macro and struct, remove those lines.
515 Use nghttp2_error in nghttp2_on_invalid_frame_recv_callback
516 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
518 Previously ``nghttp2_on_invalid_frame_recv_cb_called`` took the
519 ``error_code``, defined in ``nghttp2_error_code``, as parameter. But
520 they are not detailed enough to debug. Therefore, we decided to use
521 more detailed ``nghttp2_error`` values instead.
523 The application using this callback should update the callback
524 signature. If it treats ``error_code`` as HTTP/2 error code, update
525 the code so that it is treated as ``nghttp2_error``.
527 Receive client magic by default
528 +++++++++++++++++++++++++++++++
530 Previously nghttp2 did not process client magic (24 bytes byte
531 string). To make it deal with it, we had to use
532 ``nghttp2_option_set_recv_client_preface()``. Since v1.0.0, nghttp2
533 processes client magic by default and
534 ``nghttp2_option_set_recv_client_preface()`` was removed.
536 Some application may want to disable this behaviour, so we added
537 ``nghttp2_option_set_no_recv_client_magic()`` to achieve this.
539 The application using ``nghttp2_option_set_recv_client_preface()``
540 with nonzero value, just remove it.
542 The application using ``nghttp2_option_set_recv_client_preface()``
543 with zero value or not using it must use
544 ``nghttp2_option_set_no_recv_client_magic()`` with nonzero value.
546 Client, Server and Proxy programs
547 ---------------------------------
549 The ``src`` directory contains the HTTP/2 client, server and proxy programs.
554 ``nghttp`` is a HTTP/2 client. It can connect to the HTTP/2 server
555 with prior knowledge, HTTP Upgrade and NPN/ALPN TLS extension.
557 It has verbose output mode for framing information. Here is sample
558 output from ``nghttp`` client:
562 $ nghttp -nv https://nghttp2.org
564 The negotiated protocol: h2
565 [ 0.212] recv SETTINGS frame <length=12, flags=0x00, stream_id=0>
567 [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
568 [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
569 [ 0.212] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
571 [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
572 [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
573 [ 0.212] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
576 [ 0.212] send PRIORITY frame <length=5, flags=0x00, stream_id=3>
577 (dep_stream_id=0, weight=201, exclusive=0)
578 [ 0.212] send PRIORITY frame <length=5, flags=0x00, stream_id=5>
579 (dep_stream_id=0, weight=101, exclusive=0)
580 [ 0.212] send PRIORITY frame <length=5, flags=0x00, stream_id=7>
581 (dep_stream_id=0, weight=1, exclusive=0)
582 [ 0.212] send PRIORITY frame <length=5, flags=0x00, stream_id=9>
583 (dep_stream_id=7, weight=1, exclusive=0)
584 [ 0.212] send PRIORITY frame <length=5, flags=0x00, stream_id=11>
585 (dep_stream_id=3, weight=1, exclusive=0)
586 [ 0.212] send HEADERS frame <length=39, flags=0x25, stream_id=13>
587 ; END_STREAM | END_HEADERS | PRIORITY
588 (padlen=0, dep_stream_id=11, weight=16, exclusive=0)
593 :authority: nghttp2.org
595 accept-encoding: gzip, deflate
596 user-agent: nghttp2/1.0.1-DEV
597 [ 0.221] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
600 [ 0.221] recv (stream_id=13) :method: GET
601 [ 0.221] recv (stream_id=13) :scheme: https
602 [ 0.221] recv (stream_id=13) :path: /stylesheets/screen.css
603 [ 0.221] recv (stream_id=13) :authority: nghttp2.org
604 [ 0.221] recv (stream_id=13) accept-encoding: gzip, deflate
605 [ 0.222] recv (stream_id=13) user-agent: nghttp2/1.0.1-DEV
606 [ 0.222] recv PUSH_PROMISE frame <length=50, flags=0x04, stream_id=13>
608 (padlen=0, promised_stream_id=2)
609 [ 0.222] recv (stream_id=13) :status: 200
610 [ 0.222] recv (stream_id=13) date: Thu, 21 May 2015 16:38:14 GMT
611 [ 0.222] recv (stream_id=13) content-type: text/html
612 [ 0.222] recv (stream_id=13) last-modified: Fri, 15 May 2015 15:38:06 GMT
613 [ 0.222] recv (stream_id=13) etag: W/"555612de-19f6"
614 [ 0.222] recv (stream_id=13) link: </stylesheets/screen.css>; rel=preload; as=stylesheet
615 [ 0.222] recv (stream_id=13) content-encoding: gzip
616 [ 0.222] recv (stream_id=13) server: nghttpx nghttp2/1.0.1-DEV
617 [ 0.222] recv (stream_id=13) via: 1.1 nghttpx
618 [ 0.222] recv (stream_id=13) strict-transport-security: max-age=31536000
619 [ 0.222] recv HEADERS frame <length=166, flags=0x04, stream_id=13>
622 ; First response header
623 [ 0.222] recv DATA frame <length=2601, flags=0x01, stream_id=13>
625 [ 0.222] recv (stream_id=2) :status: 200
626 [ 0.222] recv (stream_id=2) date: Thu, 21 May 2015 16:38:14 GMT
627 [ 0.222] recv (stream_id=2) content-type: text/css
628 [ 0.222] recv (stream_id=2) last-modified: Fri, 15 May 2015 15:38:06 GMT
629 [ 0.222] recv (stream_id=2) etag: W/"555612de-9845"
630 [ 0.222] recv (stream_id=2) content-encoding: gzip
631 [ 0.222] recv (stream_id=2) server: nghttpx nghttp2/1.0.1-DEV
632 [ 0.222] recv (stream_id=2) via: 1.1 nghttpx
633 [ 0.222] recv (stream_id=2) strict-transport-security: max-age=31536000
634 [ 0.222] recv HEADERS frame <length=32, flags=0x04, stream_id=2>
637 ; First push response header
638 [ 0.228] recv DATA frame <length=8715, flags=0x01, stream_id=2>
640 [ 0.228] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
641 (last_stream_id=2, error_code=NO_ERROR(0x00), opaque_data(0)=[])
643 The HTTP Upgrade is performed like so:
647 $ nghttp -nvu http://nghttp2.org
649 [ 0.011] HTTP Upgrade request
652 Connection: Upgrade, HTTP2-Settings
654 HTTP2-Settings: AAMAAABkAAQAAP__
656 User-Agent: nghttp2/1.0.1-DEV
659 [ 0.018] HTTP Upgrade response
660 HTTP/1.1 101 Switching Protocols
665 [ 0.018] HTTP Upgrade success
666 [ 0.018] recv SETTINGS frame <length=12, flags=0x00, stream_id=0>
668 [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
669 [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
670 [ 0.018] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
672 [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
673 [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
674 [ 0.018] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
677 [ 0.018] send PRIORITY frame <length=5, flags=0x00, stream_id=3>
678 (dep_stream_id=0, weight=201, exclusive=0)
679 [ 0.018] send PRIORITY frame <length=5, flags=0x00, stream_id=5>
680 (dep_stream_id=0, weight=101, exclusive=0)
681 [ 0.018] send PRIORITY frame <length=5, flags=0x00, stream_id=7>
682 (dep_stream_id=0, weight=1, exclusive=0)
683 [ 0.018] send PRIORITY frame <length=5, flags=0x00, stream_id=9>
684 (dep_stream_id=7, weight=1, exclusive=0)
685 [ 0.018] send PRIORITY frame <length=5, flags=0x00, stream_id=11>
686 (dep_stream_id=3, weight=1, exclusive=0)
687 [ 0.018] send PRIORITY frame <length=5, flags=0x00, stream_id=1>
688 (dep_stream_id=11, weight=16, exclusive=0)
689 [ 0.019] recv (stream_id=1) :method: GET
690 [ 0.019] recv (stream_id=1) :scheme: http
691 [ 0.019] recv (stream_id=1) :path: /stylesheets/screen.css
692 [ 0.019] recv (stream_id=1) host: nghttp2.org
693 [ 0.019] recv (stream_id=1) user-agent: nghttp2/1.0.1-DEV
694 [ 0.019] recv PUSH_PROMISE frame <length=49, flags=0x04, stream_id=1>
696 (padlen=0, promised_stream_id=2)
697 [ 0.019] recv (stream_id=1) :status: 200
698 [ 0.019] recv (stream_id=1) date: Thu, 21 May 2015 16:39:16 GMT
699 [ 0.019] recv (stream_id=1) content-type: text/html
700 [ 0.019] recv (stream_id=1) content-length: 6646
701 [ 0.019] recv (stream_id=1) last-modified: Fri, 15 May 2015 15:38:06 GMT
702 [ 0.019] recv (stream_id=1) etag: "555612de-19f6"
703 [ 0.019] recv (stream_id=1) link: </stylesheets/screen.css>; rel=preload; as=stylesheet
704 [ 0.019] recv (stream_id=1) accept-ranges: bytes
705 [ 0.019] recv (stream_id=1) server: nghttpx nghttp2/1.0.1-DEV
706 [ 0.019] recv (stream_id=1) via: 1.1 nghttpx
707 [ 0.019] recv HEADERS frame <length=157, flags=0x04, stream_id=1>
710 ; First response header
711 [ 0.019] recv DATA frame <length=6646, flags=0x01, stream_id=1>
713 [ 0.019] recv (stream_id=2) :status: 200
714 [ 0.019] recv (stream_id=2) date: Thu, 21 May 2015 16:39:16 GMT
715 [ 0.019] recv (stream_id=2) content-type: text/css
716 [ 0.019] recv (stream_id=2) content-length: 38981
717 [ 0.019] recv (stream_id=2) last-modified: Fri, 15 May 2015 15:38:06 GMT
718 [ 0.019] recv (stream_id=2) etag: "555612de-9845"
719 [ 0.019] recv (stream_id=2) accept-ranges: bytes
720 [ 0.019] recv (stream_id=2) server: nghttpx nghttp2/1.0.1-DEV
721 [ 0.019] recv (stream_id=2) via: 1.1 nghttpx
722 [ 0.019] recv HEADERS frame <length=36, flags=0x04, stream_id=2>
725 ; First push response header
726 [ 0.026] recv DATA frame <length=16384, flags=0x00, stream_id=2>
727 [ 0.027] recv DATA frame <length=7952, flags=0x00, stream_id=2>
728 [ 0.027] send WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
729 (window_size_increment=33343)
730 [ 0.032] send WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=2>
731 (window_size_increment=33707)
732 [ 0.032] recv DATA frame <length=14645, flags=0x01, stream_id=2>
734 [ 0.032] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
737 [ 0.032] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
738 (last_stream_id=2, error_code=NO_ERROR(0x00), opaque_data(0)=[])
740 Using the ``-s`` option, ``nghttp`` prints out some timing information for
741 requests, sorted by completion time:
745 $ nghttp -nas https://nghttp2.org/
746 ***** Statistics *****
749 responseEnd: the time when last byte of response was received
750 relative to connectEnd
751 requestStart: the time just before first byte of request was sent
752 relative to connectEnd. If '*' is shown, this was
754 process: responseEnd - requestStart
755 code: HTTP status code
756 size: number of bytes received as response body without
760 see http://www.w3.org/TR/resource-timing/#processing-model
764 id responseEnd requestStart process code size request path
765 13 +37.19ms +280us 36.91ms 200 2K /
766 2 +72.65ms * +36.38ms 36.26ms 200 8K /stylesheets/screen.css
767 17 +77.43ms +38.67ms 38.75ms 200 3K /javascripts/octopress.js
768 15 +78.12ms +38.66ms 39.46ms 200 3K /javascripts/modernizr-2.0.js
770 Using the ``-r`` option, ``nghttp`` writes more detailed timing data to
771 the given file in HAR format.
776 ``nghttpd`` is a multi-threaded static web server.
778 By default, it uses SSL/TLS connection. Use ``--no-tls`` option to
781 ``nghttpd`` only accepts HTTP/2 connections via NPN/ALPN or direct
782 HTTP/2 connections. No HTTP Upgrade is supported.
784 The ``-p`` option allows users to configure server push.
786 Just like ``nghttp``, it has a verbose output mode for framing
787 information. Here is sample output from ``nghttpd``:
791 $ nghttpd --no-tls -v 8080
792 IPv4: listen 0.0.0.0:8080
794 [id=1] [ 1.521] send SETTINGS frame <length=6, flags=0x00, stream_id=0>
796 [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
797 [id=1] [ 1.521] recv SETTINGS frame <length=12, flags=0x00, stream_id=0>
799 [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
800 [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
801 [id=1] [ 1.521] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
804 [id=1] [ 1.521] recv PRIORITY frame <length=5, flags=0x00, stream_id=3>
805 (dep_stream_id=0, weight=201, exclusive=0)
806 [id=1] [ 1.521] recv PRIORITY frame <length=5, flags=0x00, stream_id=5>
807 (dep_stream_id=0, weight=101, exclusive=0)
808 [id=1] [ 1.521] recv PRIORITY frame <length=5, flags=0x00, stream_id=7>
809 (dep_stream_id=0, weight=1, exclusive=0)
810 [id=1] [ 1.521] recv PRIORITY frame <length=5, flags=0x00, stream_id=9>
811 (dep_stream_id=7, weight=1, exclusive=0)
812 [id=1] [ 1.521] recv PRIORITY frame <length=5, flags=0x00, stream_id=11>
813 (dep_stream_id=3, weight=1, exclusive=0)
814 [id=1] [ 1.521] recv (stream_id=13) :method: GET
815 [id=1] [ 1.521] recv (stream_id=13) :path: /
816 [id=1] [ 1.521] recv (stream_id=13) :scheme: http
817 [id=1] [ 1.521] recv (stream_id=13) :authority: localhost:8080
818 [id=1] [ 1.521] recv (stream_id=13) accept: */*
819 [id=1] [ 1.521] recv (stream_id=13) accept-encoding: gzip, deflate
820 [id=1] [ 1.521] recv (stream_id=13) user-agent: nghttp2/1.0.0-DEV
821 [id=1] [ 1.521] recv HEADERS frame <length=41, flags=0x25, stream_id=13>
822 ; END_STREAM | END_HEADERS | PRIORITY
823 (padlen=0, dep_stream_id=11, weight=16, exclusive=0)
825 [id=1] [ 1.521] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
828 [id=1] [ 1.521] send HEADERS frame <length=86, flags=0x04, stream_id=13>
831 ; First response header
833 server: nghttpd nghttp2/1.0.0-DEV
835 cache-control: max-age=3600
836 date: Fri, 15 May 2015 14:49:04 GMT
837 last-modified: Tue, 30 Sep 2014 12:40:52 GMT
838 [id=1] [ 1.522] send DATA frame <length=10, flags=0x01, stream_id=13>
840 [id=1] [ 1.522] stream_id=13 closed
841 [id=1] [ 1.522] recv GOAWAY frame <length=8, flags=0x00, stream_id=0>
842 (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
843 [id=1] [ 1.522] closed
848 ``nghttpx`` is a multi-threaded reverse proxy for HTTP/3, HTTP/2, and
849 HTTP/1.1, and powers http://nghttp2.org and supports HTTP/2 server
852 We reworked ``nghttpx`` command-line interface, and as a result, there
853 are several incompatibles from 1.8.0 or earlier. This is necessary to
854 extend its capability, and secure the further feature enhancements in
855 the future release. Please read `Migration from nghttpx v1.8.0 or
857 <https://nghttp2.org/documentation/nghttpx-howto.html#migration-from-nghttpx-v1-8-0-or-earlier>`_
858 to know how to migrate from earlier releases.
860 ``nghttpx`` implements `important performance-oriented features
861 <https://istlsfastyet.com/#server-performance>`_ in TLS, such as
862 session IDs, session tickets (with automatic key rotation), OCSP
863 stapling, dynamic record sizing, ALPN/NPN, forward secrecy and HTTP/2.
864 ``nghttpx`` also offers the functionality to share session cache and
865 ticket keys among multiple ``nghttpx`` instances via memcached.
867 ``nghttpx`` has 2 operation modes:
869 ================== ======================== ================ =============
870 Mode option Frontend Backend Note
871 ================== ======================== ================ =============
872 default mode HTTP/3, HTTP/2, HTTP/1.1 HTTP/1.1, HTTP/2 Reverse proxy
873 ``--http2-proxy`` HTTP/3, HTTP/2, HTTP/1.1 HTTP/1.1, HTTP/2 Forward proxy
874 ================== ======================== ================ =============
876 The interesting mode at the moment is the default mode. It works like
877 a reverse proxy and listens for HTTP/3, HTTP/2, and HTTP/1.1 and can
878 be deployed as a SSL/TLS terminator for existing web server.
880 In all modes, the frontend connections are encrypted by SSL/TLS by
881 default. To disable encryption, use the ``no-tls`` keyword in
882 ``--frontend`` option. If encryption is disabled, incoming HTTP/1.1
883 connections can be upgraded to HTTP/2 through HTTP Upgrade. On the
884 other hard, backend connections are not encrypted by default. To
885 encrypt backend connections, use ``tls`` keyword in ``--backend``
888 ``nghttpx`` supports a configuration file. See the ``--conf`` option and
889 sample configuration file ``nghttpx.conf.sample``.
891 In the default mode, ``nghttpx`` works as reverse proxy to the backend
896 Client <-- (HTTP/3, HTTP/2, HTTP/1.1) --> nghttpx <-- (HTTP/1.1, HTTP/2) --> Web Server
899 With the ``--http2-proxy`` option, it works as forward proxy, and it
900 is so called secure HTTP/2 proxy:
904 Client <-- (HTTP/3, HTTP/2, HTTP/1.1) --> nghttpx <-- (HTTP/1.1) --> Proxy
905 [secure proxy] (e.g., Squid, ATS)
907 The ``Client`` in the above example needs to be configured to use
908 ``nghttpx`` as secure proxy.
910 At the time of this writing, both Chrome and Firefox support secure
911 HTTP/2 proxy. One way to configure Chrome to use a secure proxy is to
912 create a proxy.pac script like this:
914 .. code-block:: javascript
916 function FindProxyForURL(url, host) {
917 return "HTTPS SERVERADDR:PORT";
920 ``SERVERADDR`` and ``PORT`` is the hostname/address and port of the
921 machine nghttpx is running on. Please note that Chrome requires a valid
922 certificate for secure proxy.
924 Then run Chrome with the following arguments:
928 $ google-chrome --proxy-pac-url=file:///path/to/proxy.pac --use-npn
930 The backend HTTP/2 connections can be tunneled through an HTTP proxy.
931 The proxy is specified using ``--backend-http-proxy-uri``. The
932 following figure illustrates how nghttpx talks to the outside HTTP/2
933 proxy through an HTTP proxy:
937 Client <-- (HTTP/3, HTTP/2, HTTP/1.1) --> nghttpx <-- (HTTP/2) --
939 --===================---> HTTP/2 Proxy
940 (HTTP proxy tunnel) (e.g., nghttpx -s)
945 The ``h2load`` program is a benchmarking tool for HTTP/3, HTTP/2, and
946 HTTP/1.1. The UI of ``h2load`` is heavily inspired by ``weighttp``
947 (https://github.com/lighttpd/weighttp). The typical usage is as
952 $ h2load -n100000 -c100 -m100 https://localhost:8443/
953 starting benchmark...
954 spawning thread #0: 100 concurrent clients, 100000 total requests
956 Cipher: ECDHE-RSA-AES128-GCM-SHA256
957 Server Temp Key: ECDH P-256 256 bits
969 finished in 771.26ms, 129658 req/s, 4.71MB/s
970 requests: 100000 total, 100000 started, 100000 done, 100000 succeeded, 0 failed, 0 errored
971 status codes: 100000 2xx, 0 3xx, 0 4xx, 0 5xx
972 traffic: 3812300 bytes total, 1009900 bytes headers, 1000000 bytes data
973 min max mean sd +/- sd
974 time for request: 25.12ms 124.55ms 51.07ms 15.36ms 84.87%
975 time for connect: 208.94ms 254.67ms 241.38ms 7.95ms 63.00%
976 time to 1st byte: 209.11ms 254.80ms 241.51ms 7.94ms 63.00%
978 The above example issued total 100,000 requests, using 100 concurrent
979 clients (in other words, 100 HTTP/2 sessions), and a maximum of 100 streams
980 per client. With the ``-t`` option, ``h2load`` will use multiple native
981 threads to avoid saturating a single core on client side.
985 **Don't use this tool against publicly available servers.** That is
986 considered a DOS attack. Please only use it against your private
989 If the experimental HTTP/3 is enabled, h2load can send requests to
990 HTTP/3 server. To do this, specify ``h3`` to ``--npn-list`` option
995 $ h2load --npn-list h3 https://127.0.0.1:4433
1000 The ``src`` directory contains the HPACK tools. The ``deflatehd`` program is a
1001 command-line header compression tool. The ``inflatehd`` program is a
1002 command-line header decompression tool. Both tools read input from
1003 stdin and write output to stdout. Errors are written to stderr.
1004 They take JSON as input and output. We (mostly) use the same JSON data
1005 format described at https://github.com/http2jp/hpack-test-case.
1007 deflatehd - header compressor
1008 +++++++++++++++++++++++++++++
1010 The ``deflatehd`` program reads JSON data or HTTP/1-style header fields from
1011 stdin and outputs compressed header block in JSON.
1013 For the JSON input, the root JSON object must include a ``cases`` key.
1014 Its value has to include the sequence of input header set. They share
1015 the same compression context and are processed in the order they
1016 appear. Each item in the sequence is a JSON object and it must
1017 include a ``headers`` key. Its value is an array of JSON objects,
1018 which includes exactly one name/value pair.
1022 .. code-block:: json
1029 { ":method": "GET" },
1035 { ":method": "POST" },
1043 With the ``-t`` option, the program can accept more familiar HTTP/1 style
1044 header field blocks. Each header set is delimited by an empty line:
1048 .. code-block:: text
1057 The output is in JSON object. It should include a ``cases`` key and its
1058 value is an array of JSON objects, which has at least the following keys:
1061 The index of header set in the input.
1064 The sum of the length of the name/value pairs in the input.
1067 The length of the compressed header block.
1069 percentage_of_original_size
1070 ``output_length`` / ``input_length`` * 100
1073 The compressed header block as a hex string.
1076 The input header set.
1079 The header table size adjusted before deflating the header set.
1083 .. code-block:: json
1091 "output_length": 20,
1092 "percentage_of_original_size": 30.303030303030305,
1093 "wire": "01881f3468e5891afcbf83868a3d856659c62e3f",
1096 ":authority": "example.org"
1108 "user-agent": "nghttp2"
1111 "header_table_size": 4096
1117 "output_length": 10,
1118 "percentage_of_original_size": 13.513513513513514,
1119 "wire": "88448504252dd5918485",
1122 ":authority": "example.org"
1134 "user-agent": "nghttp2"
1137 "header_table_size": 4096
1143 The output can be used as the input for ``inflatehd`` and
1146 With the ``-d`` option, the extra ``header_table`` key is added and its
1147 associated value includes the state of dynamic header table after the
1148 corresponding header set was processed. The value includes at least
1152 The entry in the header table. If ``referenced`` is ``true``, it
1153 is in the reference set. The ``size`` includes the overhead (32
1154 bytes). The ``index`` corresponds to the index of header table.
1155 The ``name`` is the header field name and the ``value`` is the
1159 The sum of the spaces entries occupied, this includes the
1163 The maximum header table size.
1166 The sum of the spaces entries occupied within
1167 ``max_deflate_size``.
1170 The maximum header table size the encoder uses. This can be smaller
1171 than ``max_size``. In this case, the encoder only uses up to first
1172 ``max_deflate_size`` buffer. Since the header table size is still
1173 ``max_size``, the encoder has to keep track of entries outside the
1174 ``max_deflate_size`` but inside the ``max_size`` and make sure
1175 that they are no longer referenced.
1179 .. code-block:: json
1187 "output_length": 20,
1188 "percentage_of_original_size": 30.303030303030305,
1189 "wire": "01881f3468e5891afcbf83868a3d856659c62e3f",
1192 ":authority": "example.org"
1204 "user-agent": "nghttp2"
1207 "header_table_size": 4096,
1212 "name": "user-agent",
1240 "name": ":authority",
1241 "value": "example.org",
1248 "deflate_size": 226,
1249 "max_deflate_size": 4096
1256 "output_length": 10,
1257 "percentage_of_original_size": 13.513513513513514,
1258 "wire": "88448504252dd5918485",
1261 ":authority": "example.org"
1273 "user-agent": "nghttp2"
1276 "header_table_size": 4096,
1288 "name": "user-agent",
1304 "referenced": false,
1311 "referenced": false,
1316 "name": ":authority",
1317 "value": "example.org",
1324 "deflate_size": 269,
1325 "max_deflate_size": 4096
1331 inflatehd - header decompressor
1332 +++++++++++++++++++++++++++++++
1334 The ``inflatehd`` program reads JSON data from stdin and outputs decompressed
1335 name/value pairs in JSON.
1337 The root JSON object must include the ``cases`` key. Its value has to
1338 include the sequence of compressed header blocks. They share the same
1339 compression context and are processed in the order they appear. Each
1340 item in the sequence is a JSON object and it must have at least a
1341 ``wire`` key. Its value is a compressed header block as a hex string.
1345 .. code-block:: json
1355 The output is a JSON object. It should include a ``cases`` key and its
1356 value is an array of JSON objects, which has at least following keys:
1359 The index of the header set in the input.
1362 A JSON array that includes decompressed name/value pairs.
1365 The compressed header block as a hex string.
1368 The header table size adjusted before inflating compressed header
1373 .. code-block:: json
1380 "wire": "01881f3468e5891afcbf83868a3d856659c62e3f",
1383 ":authority": "example.org"
1395 "user-agent": "nghttp2"
1398 "header_table_size": 4096
1403 "wire": "88448504252dd5918485",
1412 "user-agent": "nghttp2"
1418 ":authority": "example.org"
1421 "header_table_size": 4096
1426 The output can be used as the input for ``deflatehd`` and
1429 With the ``-d`` option, the extra ``header_table`` key is added and its
1430 associated value includes the state of the dynamic header table after the
1431 corresponding header set was processed. The format is the same as
1434 libnghttp2_asio: High level HTTP/2 C++ library
1435 ----------------------------------------------
1437 libnghttp2_asio is C++ library built on top of libnghttp2 and provides
1438 high level abstraction API to build HTTP/2 applications. It depends
1439 on the Boost::ASIO library and OpenSSL. Currently libnghttp2_asio
1440 provides both client and server APIs.
1442 libnghttp2_asio is not built by default. Use the ``--enable-asio-lib``
1443 configure flag to build libnghttp2_asio. The required Boost libraries
1450 The server API is designed to build an HTTP/2 server very easily to utilize
1451 C++14 anonymous functions and closures. The bare minimum example of
1452 an HTTP/2 server looks like this:
1458 #include <nghttp2/asio_http2_server.h>
1460 using namespace nghttp2::asio_http2;
1461 using namespace nghttp2::asio_http2::server;
1463 int main(int argc, char *argv[]) {
1464 boost::system::error_code ec;
1467 server.handle("/", [](const request &req, const response &res) {
1468 res.write_head(200);
1469 res.end("hello, world\n");
1472 if (server.listen_and_serve(ec, "localhost", "3000")) {
1473 std::cerr << "error: " << ec.message() << std::endl;
1477 Here is sample code to use the client API:
1483 #include <nghttp2/asio_http2_client.h>
1485 using boost::asio::ip::tcp;
1487 using namespace nghttp2::asio_http2;
1488 using namespace nghttp2::asio_http2::client;
1490 int main(int argc, char *argv[]) {
1491 boost::system::error_code ec;
1492 boost::asio::io_service io_service;
1494 // connect to localhost:3000
1495 session sess(io_service, "localhost", "3000");
1497 sess.on_connect([&sess](tcp::resolver::iterator endpoint_it) {
1498 boost::system::error_code ec;
1500 auto req = sess.submit(ec, "GET", "http://localhost:3000/");
1502 req->on_response([](const response &res) {
1503 // print status code and response header fields.
1504 std::cerr << "HTTP/2 " << res.status_code() << std::endl;
1505 for (auto &kv : res.header()) {
1506 std::cerr << kv.first << ": " << kv.second.value << "\n";
1508 std::cerr << std::endl;
1510 res.on_data([](const uint8_t *data, std::size_t len) {
1511 std::cerr.write(reinterpret_cast<const char *>(data), len);
1512 std::cerr << std::endl;
1516 req->on_close([&sess](uint32_t error_code) {
1517 // shutdown session after first request was done.
1522 sess.on_error([](const boost::system::error_code &ec) {
1523 std::cerr << "error: " << ec.message() << std::endl;
1529 For more details, see the documentation of libnghttp2_asio.
1534 The ``python`` directory contains nghttp2 Python bindings. The
1535 bindings currently provide HPACK compressor and decompressor classes
1536 and an HTTP/2 server.
1538 The extension module is called ``nghttp2``.
1540 ``make`` will build the bindings and target Python version is
1541 determined by the ``configure`` script. If the detected Python version is not
1542 what you expect, specify a path to Python executable in a ``PYTHON``
1543 variable as an argument to configure script (e.g., ``./configure
1544 PYTHON=/usr/bin/python3.8``).
1546 The following example code illustrates basic usage of the HPACK compressor
1547 and decompressor in Python:
1549 .. code-block:: python
1554 deflater = nghttp2.HDDeflater()
1555 inflater = nghttp2.HDInflater()
1557 data = deflater.deflate([(b'foo', b'bar'),
1559 print(binascii.b2a_hex(data))
1561 hdrs = inflater.inflate(data)
1564 The ``nghttp2.HTTP2Server`` class builds on top of the asyncio event
1565 loop. On construction, *RequestHandlerClass* must be given, which
1566 must be a subclass of ``nghttp2.BaseRequestHandler`` class.
1568 The ``BaseRequestHandler`` class is used to handle the HTTP/2 stream.
1569 By default, it does nothing. It must be subclassed to handle each
1570 event callback method.
1572 The first callback method invoked is ``on_headers()``. It is called
1573 when HEADERS frame, which includes the request header fields, has arrived.
1575 If the request has a request body, ``on_data(data)`` is invoked for each
1576 chunk of received data.
1578 Once the entire request is received, ``on_request_done()`` is invoked.
1580 When the stream is closed, ``on_close(error_code)`` is called.
1582 The application can send a response using ``send_response()`` method.
1583 It can be used in ``on_headers()``, ``on_data()`` or
1584 ``on_request_done()``.
1586 The application can push resources using the ``push()`` method. It must be
1587 used before the ``send_response()`` call.
1589 The following instance variables are available:
1592 Contains a tuple of the form (host, port) referring to the
1596 Stream ID of this stream.
1599 Scheme of the request URI. This is a value of :scheme header
1603 Method of this stream. This is a value of :method header field.
1606 This is a value of :authority or host header field.
1609 This is a value of :path header field.
1611 The following example illustrates the HTTP2Server and
1612 BaseRequestHandler usage:
1614 .. code-block:: python
1616 #!/usr/bin/env python3
1621 class Handler(nghttp2.BaseRequestHandler):
1623 def on_headers(self):
1624 self.push(path='/css/bootstrap.css',
1625 request_headers = [('content-length', '3')],
1629 self.push(path='/js/bootstrap.js',
1631 request_headers = [('content-length', '10')],
1635 self.send_response(status=200,
1636 headers = [('content-type', 'text/plain')],
1637 body=io.BytesIO(b'nghttp2-python FTW'))
1639 ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
1640 ctx.options = ssl.OP_ALL | ssl.OP_NO_SSLv2
1641 ctx.load_cert_chain('server.crt', 'server.key')
1643 # give None to ssl to make the server non-SSL/TLS
1644 server = nghttp2.HTTP2Server(('127.0.0.1', 8443), Handler, ssl=ctx)
1645 server.serve_forever()
1650 [This text was composed based on 1.2. License section of curl/libcurl
1653 When contributing with code, you agree to put your changes and new
1654 code under the same license nghttp2 is already using unless stated and
1657 When changing existing source code, do not alter the copyright of
1658 the original file(s). The copyright will still be owned by the
1659 original creator(s) or those who have been assigned copyright by the
1662 By submitting a patch to the nghttp2 project, you (or your employer, as
1663 the case may be) agree to assign the copyright of your submission to us.
1664 .. the above really needs to be reworded to pass legal muster.
1665 We will credit you for your
1666 changes as far as possible, to give credit but also to keep a trace
1667 back to who made what changes. Please always provide us with your
1668 full real name when contributing!
1670 See `Contribution Guidelines
1671 <https://nghttp2.org/documentation/contribute.html>`_ for more
1674 Reporting vulnerability
1675 -----------------------
1677 If you find a vulnerability in our software, please send the email to
1678 "tatsuhiro.t at gmail dot com" about its details instead of submitting
1679 issues on github issue page. It is a standard practice not to
1680 disclose vulnerability information publicly until a fixed version is
1681 released, or mitigation is worked out.
1683 In the future, we may setup a dedicated mail address for this purpose.
1688 In general, we follow `Semantic Versioning <http://semver.org/>`_. We
1689 release MINOR version update every month, and usually we ship it
1690 around 25th day of every month.
1692 We may release PATCH releases between the regular releases, mainly for
1693 severe security bug fixes.
1695 We have no plan to break API compatibility changes involving soname
1696 bump, so MAJOR version will stay 1 for the foreseeable future.