documentation/9.4.x/http2.html - www.eclipse.org/jetty - Git at Google

 <html><head>
       <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Chapter&nbsp;16.&nbsp;HTTP/2</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><meta name="keywords" content="jetty, servlet, servlet-api, cometd, http, websocket, eclipse, maven, java, server, software"><link rel="home" href="index.html" title="Jetty"><link rel="up" href="jetty-admin-guide.html" title="Part&nbsp;III.&nbsp;Jetty Administration Guide"><link rel="prev" href="alpn-chapter.html" title="Chapter&nbsp;15.&nbsp;Application Layer Protocol Negotiation (ALPN)"><link rel="next" href="http2-enabling.html" title="Enabling HTTP/2"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><link rel="stylesheet" href="css/highlighter/foundation.css"><script src="js/highlight.pack.js"></script><script>
       hljs.initHighlightingOnLoad();
     </script><link type="text/css" rel="stylesheet" href="css/font-awesome/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small">
             Version: 9.4.28-SNAPSHOT</span></td><td style="width: 50%"></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter&nbsp;16.&nbsp;HTTP/2</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="alpn-chapter.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a>&nbsp;</td><th width="60%" align="center">Part&nbsp;III.&nbsp;Jetty Administration Guide<br><a accesskey="p" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></th><td width="20%" align="right">&nbsp;<a accesskey="n" href="http2-enabling.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/">Contact the core Jetty developers at
           <span class="website">www.webtide.com</span></a></h5><p>
  private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ...
  scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
       </p></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="http2"></a>Chapter&nbsp;16.&nbsp;HTTP/2</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="section"><a href="http2.html#http2-introduction">Introducing HTTP/2</a></span></dt><dt><span class="section"><a href="http2-enabling.html">Enabling HTTP/2</a></span></dt><dt><span class="section"><a href="http2-configuring.html">Configuring HTTP/2</a></span></dt><dt><span class="section"><a href="http2-configuring-push.html">Configuring HTTP/2 Push</a></span></dt><dt><span class="section"><a href="http2-configuring-haproxy.html">Configuring HAProxy and Jetty</a></span></dt></dl></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="http2-introduction"></a>Introducing HTTP/2</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="http2.html#http2-security-update">Jetty HTTP/2 Security Update</a></span></dt><dt><span class="section"><a href="http2.html#http2-modules">Jetty HTTP/2 Sub Projects</a></span></dt></dl></div><p>Jetty supports both a client and a server implementation for the HTTP/2 protocol as defined by <a class="link" href="http://tools.ietf.org/html/rfc7540" target="_top">RFC 7540</a>.</p><p>The requirements for running HTTP/2 are JDK 8 or greater, and typically also ALPN support (see <a class="xref" href="alpn-chapter.html" title="Chapter&nbsp;15.&nbsp;Application Layer Protocol Negotiation (ALPN)">Chapter&nbsp;15, <i>Application Layer Protocol Negotiation (ALPN)</i></a>).</p><p>A server deployed over TLS (SSL) normally advertises the HTTP/2 protocol via the TLS extension Application Layer Protocol Negotiation <a class="link" href="alpn-chapter.html#alpn" title="Introducing ALPN">(ALPN)</a>.</p><div class="blockquote"><blockquote class="blockquote"><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="fa fa-asterisk" aria-hidden="true"></i> Note</h3><p>To use HTTP/2 in Jetty via a TLS connector you need to add the ALPN boot jar in the boot classpath.
 This is done automatically when using the Jetty distribution&#8217;s start.jar <a class="link" href="startup-modules.html" title="Managing Startup Modules">module system</a>, but must be configured directly otherwise.</p></div></blockquote></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="http2-security-update"></a>Jetty HTTP/2 Security Update</h3></div></div></div><p>In mid-2019, there were a <a class="link" href="security-reports.html" title="Jetty Security Reports">number of CVEs</a> were issued warning against vulnerable HTTP/2 implementations. These CVEs (CVE-2019-9511 thru CVE-2019-9518) generally centered around attackers manipulating and flooding HTTP/2 servers and creating a denial of service (DOS). These vulnerabilities were patched with Jetty 9.4.21.</p><p>As a result of these CVEs, Jetty introduced a new, configurable denial of service (DOS) protection feature in Jetty 9.4.22.</p><p>Jetty&#8217;s HTTP/2 implementation now features a new Rate Control parameter, <code class="literal">jetty.http2.rateControl.maxEventsPerSecond</code>, that defaults to 20 events per second, per connection for all pings, bad frames, settings frames, priority changes etc.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="http2-modules"></a>Jetty HTTP/2 Sub Projects</h3></div></div></div><p>The Jetty HTTP/2 implementation consists of the following sub-projects (each producing a jar file):</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><code class="literal">http2-common</code>: Contains the HTTP/2 API and a partial implementation shared across other modules.</li><li class="listitem"><code class="literal">http2-hpack</code>: Contains the HTTP/2 HPACK implementation for HTTP header compression.</li><li class="listitem"><code class="literal">http2-server</code>: Provides the server-side implementation of HTTP/2.</li><li class="listitem"><code class="literal">http2-client</code>: Provides the implementation of HTTP/2 client with a low level HTTP/2 API, dealing with HTTP/2 streams, frames, etc.</li><li class="listitem"><code class="literal">http2-http-client-transport</code>: Provides the implementation of the HTTP/2 transport for <code class="literal">HttpClient</code> (see <a class="xref" href="http-client.html" title="Chapter&nbsp;22.&nbsp;HTTP Client">Chapter&nbsp;22, <i>HTTP Client</i></a>).
 Applications can use the higher level API provided by <code class="literal">HttpClient</code> to send HTTP requests and receive HTTP responses, and the HTTP/2 transport will take care of converting them in HTTP/2 format (see also <a class="link" href="https://webtide.com/http2-support-for-httpclient/" target="_top">this blog entry</a>).</li></ol></div></div></div></div><script type="text/javascript">
       SyntaxHighlighter.all()
     </script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="alpn-chapter.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a>&nbsp;</td><td width="20%" align="center"><a accesskey="u" href="jetty-admin-guide.html"><i class="fa fa-chevron-up" aria-hidden="true"></i> Top</a></td><td width="40%" align="right">&nbsp;<a accesskey="n" href="http2-enabling.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr><tr><td width="40%" align="left" valign="top">Chapter&nbsp;15.&nbsp;Application Layer Protocol Negotiation (ALPN)&nbsp;</td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></td><td width="40%" align="right" valign="top">&nbsp;Enabling HTTP/2</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout">
             See an error or something missing?
             <span class="callout"><a href="http://github.com/eclipse/jetty.project">Contribute to this documentation at
                 <span class="website"><i class="fa fa-github" aria-hidden="true"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2020-03-10)</i></span></div></p></body></html>
	<html><head>
	<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
	<title>Chapter 16. HTTP/2</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><meta name="keywords" content="jetty, servlet, servlet-api, cometd, http, websocket, eclipse, maven, java, server, software"><link rel="home" href="index.html" title="Jetty"><link rel="up" href="jetty-admin-guide.html" title="Part III. Jetty Administration Guide"><link rel="prev" href="alpn-chapter.html" title="Chapter 15. Application Layer Protocol Negotiation (ALPN)"><link rel="next" href="http2-enabling.html" title="Enabling HTTP/2"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><link rel="stylesheet" href="css/highlighter/foundation.css"><script src="js/highlight.pack.js"></script><script>
	hljs.initHighlightingOnLoad();
	</script><link type="text/css" rel="stylesheet" href="css/font-awesome/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small">
	Version: 9.4.28-SNAPSHOT</span></td><td style="width: 50%"></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 16. HTTP/2</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="alpn-chapter.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a> </td><th width="60%" align="center">Part III. Jetty Administration Guide<br><a accesskey="p" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></th><td width="20%" align="right"> <a accesskey="n" href="http2-enabling.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/">Contact the core Jetty developers at
	<span class="website">www.webtide.com</span></a></h5><p>
	private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ...
	scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
	</p></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="http2"></a>Chapter 16. HTTP/2</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="section"><a href="http2.html#http2-introduction">Introducing HTTP/2</a></span></dt><dt><span class="section"><a href="http2-enabling.html">Enabling HTTP/2</a></span></dt><dt><span class="section"><a href="http2-configuring.html">Configuring HTTP/2</a></span></dt><dt><span class="section"><a href="http2-configuring-push.html">Configuring HTTP/2 Push</a></span></dt><dt><span class="section"><a href="http2-configuring-haproxy.html">Configuring HAProxy and Jetty</a></span></dt></dl></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="http2-introduction"></a>Introducing HTTP/2</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="http2.html#http2-security-update">Jetty HTTP/2 Security Update</a></span></dt><dt><span class="section"><a href="http2.html#http2-modules">Jetty HTTP/2 Sub Projects</a></span></dt></dl></div><p>Jetty supports both a client and a server implementation for the HTTP/2 protocol as defined by <a class="link" href="http://tools.ietf.org/html/rfc7540" target="_top">RFC 7540</a>.</p><p>The requirements for running HTTP/2 are JDK 8 or greater, and typically also ALPN support (see <a class="xref" href="alpn-chapter.html" title="Chapter 15. Application Layer Protocol Negotiation (ALPN)">Chapter 15, <i>Application Layer Protocol Negotiation (ALPN)</i></a>).</p><p>A server deployed over TLS (SSL) normally advertises the HTTP/2 protocol via the TLS extension Application Layer Protocol Negotiation <a class="link" href="alpn-chapter.html#alpn" title="Introducing ALPN">(ALPN)</a>.</p><div class="blockquote"><blockquote class="blockquote"><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="fa fa-asterisk" aria-hidden="true"></i> Note</h3><p>To use HTTP/2 in Jetty via a TLS connector you need to add the ALPN boot jar in the boot classpath.
	This is done automatically when using the Jetty distribution’s start.jar <a class="link" href="startup-modules.html" title="Managing Startup Modules">module system</a>, but must be configured directly otherwise.</p></div></blockquote></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="http2-security-update"></a>Jetty HTTP/2 Security Update</h3></div></div></div><p>In mid-2019, there were a <a class="link" href="security-reports.html" title="Jetty Security Reports">number of CVEs</a> were issued warning against vulnerable HTTP/2 implementations. These CVEs (CVE-2019-9511 thru CVE-2019-9518) generally centered around attackers manipulating and flooding HTTP/2 servers and creating a denial of service (DOS). These vulnerabilities were patched with Jetty 9.4.21.</p><p>As a result of these CVEs, Jetty introduced a new, configurable denial of service (DOS) protection feature in Jetty 9.4.22.</p><p>Jetty’s HTTP/2 implementation now features a new Rate Control parameter, <code class="literal">jetty.http2.rateControl.maxEventsPerSecond</code>, that defaults to 20 events per second, per connection for all pings, bad frames, settings frames, priority changes etc.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="http2-modules"></a>Jetty HTTP/2 Sub Projects</h3></div></div></div><p>The Jetty HTTP/2 implementation consists of the following sub-projects (each producing a jar file):</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><code class="literal">http2-common</code>: Contains the HTTP/2 API and a partial implementation shared across other modules.</li><li class="listitem"><code class="literal">http2-hpack</code>: Contains the HTTP/2 HPACK implementation for HTTP header compression.</li><li class="listitem"><code class="literal">http2-server</code>: Provides the server-side implementation of HTTP/2.</li><li class="listitem"><code class="literal">http2-client</code>: Provides the implementation of HTTP/2 client with a low level HTTP/2 API, dealing with HTTP/2 streams, frames, etc.</li><li class="listitem"><code class="literal">http2-http-client-transport</code>: Provides the implementation of the HTTP/2 transport for <code class="literal">HttpClient</code> (see <a class="xref" href="http-client.html" title="Chapter 22. HTTP Client">Chapter 22, <i>HTTP Client</i></a>).
	Applications can use the higher level API provided by <code class="literal">HttpClient</code> to send HTTP requests and receive HTTP responses, and the HTTP/2 transport will take care of converting them in HTTP/2 format (see also <a class="link" href="https://webtide.com/http2-support-for-httpclient/" target="_top">this blog entry</a>).</li></ol></div></div></div></div><script type="text/javascript">
	SyntaxHighlighter.all()
	</script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="alpn-chapter.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a> </td><td width="20%" align="center"><a accesskey="u" href="jetty-admin-guide.html"><i class="fa fa-chevron-up" aria-hidden="true"></i> Top</a></td><td width="40%" align="right"> <a accesskey="n" href="http2-enabling.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 15. Application Layer Protocol Negotiation (ALPN) </td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></td><td width="40%" align="right" valign="top"> Enabling HTTP/2</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout">
	See an error or something missing?
	<span class="callout"><a href="http://github.com/eclipse/jetty.project">Contribute to this documentation at
	<span class="website"><i class="fa fa-github" aria-hidden="true"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2020-03-10)</i></span></div></p></body></html>