tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search     info

RFC 7540

 
 
 

Hypertext Transfer Protocol Version 2 (HTTP/2)

Part 5 of 5, p. 74 to 96
Prev RFC Part

 


prevText      Top      Up      ToC       Page 74 
11.  IANA Considerations

   A string for identifying HTTP/2 is entered into the "Application-
   Layer Protocol Negotiation (ALPN) Protocol IDs" registry established
   in [TLS-ALPN].

   This document establishes a registry for frame types, settings, and
   error codes.  These new registries appear in the new "Hypertext
   Transfer Protocol version 2 (HTTP/2) Parameters" section.

   This document registers the HTTP2-Settings header field for use in
   HTTP; it also registers the 421 (Misdirected Request) status code.

   This document registers the "PRI" method for use in HTTP to avoid
   collisions with the connection preface (Section 3.5).

11.1.  Registration of HTTP/2 Identification Strings

   This document creates two registrations for the identification of
   HTTP/2 (see Section 3.3) in the "Application-Layer Protocol
   Negotiation (ALPN) Protocol IDs" registry established in [TLS-ALPN].

   The "h2" string identifies HTTP/2 when used over TLS:

   Protocol:  HTTP/2 over TLS

   Identification Sequence:  0x68 0x32 ("h2")

   Specification:  This document

   The "h2c" string identifies HTTP/2 when used over cleartext TCP:

   Protocol:  HTTP/2 over TCP

Top      Up      ToC       Page 75 
   Identification Sequence:  0x68 0x32 0x63 ("h2c")

   Specification:  This document

11.2.  Frame Type Registry

   This document establishes a registry for HTTP/2 frame type codes.
   The "HTTP/2 Frame Type" registry manages an 8-bit space.  The "HTTP/2
   Frame Type" registry operates under either of the "IETF Review" or
   "IESG Approval" policies [RFC5226] for values between 0x00 and 0xef,
   with values between 0xf0 and 0xff being reserved for Experimental
   Use.

   New entries in this registry require the following information:

   Frame Type:  A name or label for the frame type.

   Code:  The 8-bit code assigned to the frame type.

   Specification:  A reference to a specification that includes a
      description of the frame layout, its semantics, and flags that the
      frame type uses, including any parts of the frame that are
      conditionally present based on the value of flags.

   The entries in the following table are registered by this document.

   +---------------+------+--------------+
   | Frame Type    | Code | Section      |
   +---------------+------+--------------+
   | DATA          | 0x0  | Section 6.1  |
   | HEADERS       | 0x1  | Section 6.2  |
   | PRIORITY      | 0x2  | Section 6.3  |
   | RST_STREAM    | 0x3  | Section 6.4  |
   | SETTINGS      | 0x4  | Section 6.5  |
   | PUSH_PROMISE  | 0x5  | Section 6.6  |
   | PING          | 0x6  | Section 6.7  |
   | GOAWAY        | 0x7  | Section 6.8  |
   | WINDOW_UPDATE | 0x8  | Section 6.9  |
   | CONTINUATION  | 0x9  | Section 6.10 |
   +---------------+------+--------------+

11.3.  Settings Registry

   This document establishes a registry for HTTP/2 settings.  The
   "HTTP/2 Settings" registry manages a 16-bit space.  The "HTTP/2
   Settings" registry operates under the "Expert Review" policy
   [RFC5226] for values in the range from 0x0000 to 0xefff, with values
   between and 0xf000 and 0xffff being reserved for Experimental Use.

Top      Up      ToC       Page 76 
   New registrations are advised to provide the following information:

   Name:  A symbolic name for the setting.  Specifying a setting name is
      optional.

   Code:  The 16-bit code assigned to the setting.

   Initial Value:  An initial value for the setting.

   Specification:  An optional reference to a specification that
      describes the use of the setting.

   The entries in the following table are registered by this document.

   +------------------------+------+---------------+---------------+
   | Name                   | Code | Initial Value | Specification |
   +------------------------+------+---------------+---------------+
   | HEADER_TABLE_SIZE      | 0x1  | 4096          | Section 6.5.2 |
   | ENABLE_PUSH            | 0x2  | 1             | Section 6.5.2 |
   | MAX_CONCURRENT_STREAMS | 0x3  | (infinite)    | Section 6.5.2 |
   | INITIAL_WINDOW_SIZE    | 0x4  | 65535         | Section 6.5.2 |
   | MAX_FRAME_SIZE         | 0x5  | 16384         | Section 6.5.2 |
   | MAX_HEADER_LIST_SIZE   | 0x6  | (infinite)    | Section 6.5.2 |
   +------------------------+------+---------------+---------------+

11.4.  Error Code Registry

   This document establishes a registry for HTTP/2 error codes.  The
   "HTTP/2 Error Code" registry manages a 32-bit space.  The "HTTP/2
   Error Code" registry operates under the "Expert Review" policy
   [RFC5226].

   Registrations for error codes are required to include a description
   of the error code.  An expert reviewer is advised to examine new
   registrations for possible duplication with existing error codes.
   Use of existing registrations is to be encouraged, but not mandated.

   New registrations are advised to provide the following information:

   Name:  A name for the error code.  Specifying an error code name is
      optional.

   Code:  The 32-bit error code value.

   Description:  A brief description of the error code semantics, longer
      if no detailed specification is provided.

Top      Up      ToC       Page 77 
   Specification:  An optional reference for a specification that
      defines the error code.

   The entries in the following table are registered by this document.

   +---------------------+------+----------------------+---------------+
   | Name                | Code | Description          | Specification |
   +---------------------+------+----------------------+---------------+
   | NO_ERROR            | 0x0  | Graceful shutdown    | Section 7     |
   | PROTOCOL_ERROR      | 0x1  | Protocol error       | Section 7     |
   |                     |      | detected             |               |
   | INTERNAL_ERROR      | 0x2  | Implementation fault | Section 7     |
   | FLOW_CONTROL_ERROR  | 0x3  | Flow-control limits  | Section 7     |
   |                     |      | exceeded             |               |
   | SETTINGS_TIMEOUT    | 0x4  | Settings not         | Section 7     |
   |                     |      | acknowledged         |               |
   | STREAM_CLOSED       | 0x5  | Frame received for   | Section 7     |
   |                     |      | closed stream        |               |
   | FRAME_SIZE_ERROR    | 0x6  | Frame size incorrect | Section 7     |
   | REFUSED_STREAM      | 0x7  | Stream not processed | Section 7     |
   | CANCEL              | 0x8  | Stream cancelled     | Section 7     |
   | COMPRESSION_ERROR   | 0x9  | Compression state    | Section 7     |
   |                     |      | not updated          |               |
   | CONNECT_ERROR       | 0xa  | TCP connection error | Section 7     |
   |                     |      | for CONNECT method   |               |
   | ENHANCE_YOUR_CALM   | 0xb  | Processing capacity  | Section 7     |
   |                     |      | exceeded             |               |
   | INADEQUATE_SECURITY | 0xc  | Negotiated TLS       | Section 7     |
   |                     |      | parameters not       |               |
   |                     |      | acceptable           |               |
   | HTTP_1_1_REQUIRED   | 0xd  | Use HTTP/1.1 for the | Section 7     |
   |                     |      | request              |               |
   +---------------------+------+----------------------+---------------+

11.5.  HTTP2-Settings Header Field Registration

   This section registers the HTTP2-Settings header field in the
   "Permanent Message Header Field Names" registry [BCP90].

   Header field name:  HTTP2-Settings

   Applicable protocol:  http

   Status:  standard

   Author/Change controller:  IETF

Top      Up      ToC       Page 78 
   Specification document(s):  Section 3.2.1 of this document

   Related information:  This header field is only used by an HTTP/2
      client for Upgrade-based negotiation.

11.6.  PRI Method Registration

   This section registers the "PRI" method in the "HTTP Method Registry"
   ([RFC7231], Section 8.1).

   Method Name:  PRI

   Safe:  Yes

   Idempotent:  Yes

   Specification document(s):  Section 3.5 of this document

   Related information:  This method is never used by an actual client.
      This method will appear to be used when an HTTP/1.1 server or
      intermediary attempts to parse an HTTP/2 connection preface.

11.7.  The 421 (Misdirected Request) HTTP Status Code

   This document registers the 421 (Misdirected Request) HTTP status
   code in the "HTTP Status Codes" registry ([RFC7231], Section 8.2).

   Status Code:  421

   Short Description:  Misdirected Request

   Specification:  Section 9.1.2 of this document

11.8.  The h2c Upgrade Token

   This document registers the "h2c" upgrade token in the "HTTP Upgrade
   Tokens" registry ([RFC7230], Section 8.6).

   Value:  h2c

   Description:  Hypertext Transfer Protocol version 2 (HTTP/2)

   Expected Version Tokens:  None

   Reference:  Section 3.2 of this document

Top      Up      ToC       Page 79 
12.  References

12.1.  Normative References

   [COMPRESSION] Peon, R. and H. Ruellan, "HPACK: Header Compression for
                 HTTP/2", RFC 7541, DOI 10.17487/RFC7541, May 2015,
                 <http://www.rfc-editor.org/info/rfc7541>.

   [COOKIE]      Barth, A., "HTTP State Management Mechanism", RFC 6265,
                 DOI 10.17487/RFC6265, April 2011,
                 <http://www.rfc-editor.org/info/rfc6265>.

   [FIPS186]     NIST, "Digital Signature Standard (DSS)", FIPS PUB
                 186-4, July 2013,
                 <http://dx.doi.org/10.6028/NIST.FIPS.186-4>.

   [RFC2119]     Bradner, S., "Key words for use in RFCs to Indicate
                 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
                 RFC2119, March 1997,
                 <http://www.rfc-editor.org/info/rfc2119>.

   [RFC2818]     Rescorla, E., "HTTP Over TLS", RFC 2818, DOI 10.17487/
                 RFC2818, May 2000,
                 <http://www.rfc-editor.org/info/rfc2818>.

   [RFC3986]     Berners-Lee, T., Fielding, R., and L. Masinter,
                 "Uniform Resource Identifier (URI): Generic Syntax",
                 STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005,
                 <http://www.rfc-editor.org/info/rfc3986>.

   [RFC4648]     Josefsson, S., "The Base16, Base32, and Base64 Data
                 Encodings", RFC 4648, DOI 10.17487/RFC4648, October
                 2006, <http://www.rfc-editor.org/info/rfc4648>.

   [RFC5226]     Narten, T. and H. Alvestrand, "Guidelines for Writing
                 an IANA Considerations Section in RFCs", BCP 26,
                 RFC 5226, DOI 10.17487/RFC5226, May 2008,
                 <http://www.rfc-editor.org/info/rfc5226>.

   [RFC5234]     Crocker, D., Ed. and P. Overell, "Augmented BNF for
                 Syntax Specifications: ABNF", STD 68, RFC 5234,
                 DOI 10.17487/ RFC5234, January 2008,
                 <http://www.rfc-editor.org/info/rfc5234>.

   [RFC7230]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
                 Transfer Protocol (HTTP/1.1): Message Syntax and
                 Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014,
                 <http://www.rfc-editor.org/info/rfc7230>.

Top      Up      ToC       Page 80 
   [RFC7231]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
                 Transfer Protocol (HTTP/1.1): Semantics and Content",
                 RFC 7231, DOI 10.17487/RFC7231, June 2014,
                 <http://www.rfc-editor.org/info/rfc7231>.

   [RFC7232]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
                 Transfer Protocol (HTTP/1.1): Conditional Requests",
                 RFC 7232, DOI 10.17487/RFC7232, June 2014,
                 <http://www.rfc-editor.org/info/rfc7232>.

   [RFC7233]     Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
                 "Hypertext Transfer Protocol (HTTP/1.1): Range
                 Requests", RFC 7233, DOI 10.17487/RFC7233, June 2014,
                 <http://www.rfc-editor.org/info/rfc7233>.

   [RFC7234]     Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
                 Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
                 RFC 7234, DOI 10.17487/RFC7234, June 2014,
                 <http://www.rfc-editor.org/info/rfc7234>.

   [RFC7235]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
                 Transfer Protocol (HTTP/1.1): Authentication",
                 RFC 7235, DOI 10.17487/RFC7235, June 2014,
                 <http://www.rfc-editor.org/info/rfc7235>.

   [TCP]         Postel, J., "Transmission Control Protocol", STD 7, RFC
                 793, DOI 10.17487/RFC0793, September 1981,
                 <http://www.rfc-editor.org/info/rfc793>.

   [TLS-ALPN]    Friedl, S., Popov, A., Langley, A., and E. Stephan,
                 "Transport Layer Security (TLS) Application-Layer
                 Protocol Negotiation Extension", RFC 7301,
                 DOI 10.17487/RFC7301, July 2014,
                 <http://www.rfc-editor.org/info/rfc7301>.

   [TLS-ECDHE]   Rescorla, E., "TLS Elliptic Curve Cipher Suites with
                 SHA-256/384 and AES Galois Counter Mode (GCM)",
                 RFC 5289, DOI 10.17487/RFC5289, August 2008,
                 <http://www.rfc-editor.org/info/rfc5289>.

   [TLS-EXT]     Eastlake 3rd, D., "Transport Layer Security (TLS)
                 Extensions: Extension Definitions", RFC 6066,
                 DOI 10.17487/RFC6066, January 2011,
                 <http://www.rfc-editor.org/info/rfc6066>.

Top      Up      ToC       Page 81 
   [TLS12]       Dierks, T. and E. Rescorla, "The Transport Layer
                 Security (TLS) Protocol Version 1.2", RFC 5246,
                 DOI 10.17487/ RFC5246, August 2008,
                 <http://www.rfc-editor.org/info/rfc5246>.

12.2.  Informative References

   [ALT-SVC]     Nottingham, M., McManus, P., and J. Reschke, "HTTP
                 Alternative Services", Work in Progress, draft-ietf-
                 httpbis-alt-svc-06, February 2015.

   [BCP90]       Klyne, G., Nottingham, M., and J. Mogul, "Registration
                 Procedures for Message Header Fields", BCP 90,
                 RFC 3864, September 2004,
                 <http://www.rfc-editor.org/info/bcp90>.

   [BREACH]      Gluck, Y., Harris, N., and A. Prado, "BREACH: Reviving
                 the CRIME Attack", July 2013,
                 <http://breachattack.com/resources/
                 BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf>.

   [HTML5]       Hickson, I., Berjon, R., Faulkner, S., Leithead, T.,
                 Doyle Navara, E., O'Connor, E., and S. Pfeiffer,
                 "HTML5", W3C Recommendation REC-html5-20141028, October
                 2014, <http://www.w3.org/TR/2014/REC-html5-20141028/>.

   [RFC3749]     Hollenbeck, S., "Transport Layer Security Protocol
                 Compression Methods", RFC 3749, DOI 10.17487/RFC3749,
                 May 2004, <http://www.rfc-editor.org/info/rfc3749>.

   [RFC4492]     Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and
                 B.  Moeller, "Elliptic Curve Cryptography (ECC) Cipher
                 Suites for Transport Layer Security (TLS)", RFC 4492,
                 DOI 10.17487/RFC4492, May 2006,
                 <http://www.rfc-editor.org/info/rfc4492>.

   [RFC6585]     Nottingham, M. and R. Fielding, "Additional HTTP Status
                 Codes", RFC 6585, DOI 10.17487/RFC6585, April 2012,
                 <http://www.rfc-editor.org/info/rfc6585>.

   [RFC7323]     Borman, D., Braden, B., Jacobson, V., and R.
                 Scheffenegger, Ed., "TCP Extensions for High
                 Performance", RFC 7323, DOI 10.17487/RFC7323, September
                 2014, <http://www.rfc-editor.org/info/rfc7323>.

   [TALKING]     Huang, L., Chen, E., Barth, A., Rescorla, E., and C.
                 Jackson, "Talking to Yourself for Fun and Profit",
                 2011, <http://w2spconf.com/2011/papers/websocket.pdf>.

Top      Up      ToC       Page 82 
   [TLSBCP]      Sheffer, Y., Holz, R., and P. Saint-Andre,
                 "Recommendations for Secure Use of Transport Layer
                 Security (TLS) and Datagram Transport Layer Security
                 (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
                 2015, <http://www.rfc-editor.org/info/rfc7525>.

Top      Up      ToC       Page 83 
Appendix A.  TLS 1.2 Cipher Suite Black List

   An HTTP/2 implementation MAY treat the negotiation of any of the
   following cipher suites with TLS 1.2 as a connection error
   (Section 5.4.1) of type INADEQUATE_SECURITY:

   o  TLS_NULL_WITH_NULL_NULL

   o  TLS_RSA_WITH_NULL_MD5

   o  TLS_RSA_WITH_NULL_SHA

   o  TLS_RSA_EXPORT_WITH_RC4_40_MD5

   o  TLS_RSA_WITH_RC4_128_MD5

   o  TLS_RSA_WITH_RC4_128_SHA

   o  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5

   o  TLS_RSA_WITH_IDEA_CBC_SHA

   o  TLS_RSA_EXPORT_WITH_DES40_CBC_SHA

   o  TLS_RSA_WITH_DES_CBC_SHA

   o  TLS_RSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA

   o  TLS_DH_DSS_WITH_DES_CBC_SHA

   o  TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA

   o  TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA

   o  TLS_DH_RSA_WITH_DES_CBC_SHA

   o  TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

   o  TLS_DHE_DSS_WITH_DES_CBC_SHA

   o  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

   o  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

Top      Up      ToC       Page 84 
   o  TLS_DHE_RSA_WITH_DES_CBC_SHA

   o  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_DH_anon_EXPORT_WITH_RC4_40_MD5

   o  TLS_DH_anon_WITH_RC4_128_MD5

   o  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA

   o  TLS_DH_anon_WITH_DES_CBC_SHA

   o  TLS_DH_anon_WITH_3DES_EDE_CBC_SHA

   o  TLS_KRB5_WITH_DES_CBC_SHA

   o  TLS_KRB5_WITH_3DES_EDE_CBC_SHA

   o  TLS_KRB5_WITH_RC4_128_SHA

   o  TLS_KRB5_WITH_IDEA_CBC_SHA

   o  TLS_KRB5_WITH_DES_CBC_MD5

   o  TLS_KRB5_WITH_3DES_EDE_CBC_MD5

   o  TLS_KRB5_WITH_RC4_128_MD5

   o  TLS_KRB5_WITH_IDEA_CBC_MD5

   o  TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA

   o  TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA

   o  TLS_KRB5_EXPORT_WITH_RC4_40_SHA

   o  TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5

   o  TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5

   o  TLS_KRB5_EXPORT_WITH_RC4_40_MD5

   o  TLS_PSK_WITH_NULL_SHA

   o  TLS_DHE_PSK_WITH_NULL_SHA

   o  TLS_RSA_PSK_WITH_NULL_SHA

Top      Up      ToC       Page 85 
   o  TLS_RSA_WITH_AES_128_CBC_SHA

   o  TLS_DH_DSS_WITH_AES_128_CBC_SHA

   o  TLS_DH_RSA_WITH_AES_128_CBC_SHA

   o  TLS_DHE_DSS_WITH_AES_128_CBC_SHA

   o  TLS_DHE_RSA_WITH_AES_128_CBC_SHA

   o  TLS_DH_anon_WITH_AES_128_CBC_SHA

   o  TLS_RSA_WITH_AES_256_CBC_SHA

   o  TLS_DH_DSS_WITH_AES_256_CBC_SHA

   o  TLS_DH_RSA_WITH_AES_256_CBC_SHA

   o  TLS_DHE_DSS_WITH_AES_256_CBC_SHA

   o  TLS_DHE_RSA_WITH_AES_256_CBC_SHA

   o  TLS_DH_anon_WITH_AES_256_CBC_SHA

   o  TLS_RSA_WITH_NULL_SHA256

   o  TLS_RSA_WITH_AES_128_CBC_SHA256

   o  TLS_RSA_WITH_AES_256_CBC_SHA256

   o  TLS_DH_DSS_WITH_AES_128_CBC_SHA256

   o  TLS_DH_RSA_WITH_AES_128_CBC_SHA256

   o  TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

   o  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

   o  TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA

   o  TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA

   o  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA

   o  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

   o  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA

Top      Up      ToC       Page 86 
   o  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

   o  TLS_DH_DSS_WITH_AES_256_CBC_SHA256

   o  TLS_DH_RSA_WITH_AES_256_CBC_SHA256

   o  TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

   o  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

   o  TLS_DH_anon_WITH_AES_128_CBC_SHA256

   o  TLS_DH_anon_WITH_AES_256_CBC_SHA256

   o  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

   o  TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA

   o  TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA

   o  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA

   o  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

   o  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA

   o  TLS_PSK_WITH_RC4_128_SHA

   o  TLS_PSK_WITH_3DES_EDE_CBC_SHA

   o  TLS_PSK_WITH_AES_128_CBC_SHA

   o  TLS_PSK_WITH_AES_256_CBC_SHA

   o  TLS_DHE_PSK_WITH_RC4_128_SHA

   o  TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA

   o  TLS_DHE_PSK_WITH_AES_128_CBC_SHA

   o  TLS_DHE_PSK_WITH_AES_256_CBC_SHA

   o  TLS_RSA_PSK_WITH_RC4_128_SHA

   o  TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA

   o  TLS_RSA_PSK_WITH_AES_128_CBC_SHA

Top      Up      ToC       Page 87 
   o  TLS_RSA_PSK_WITH_AES_256_CBC_SHA

   o  TLS_RSA_WITH_SEED_CBC_SHA

   o  TLS_DH_DSS_WITH_SEED_CBC_SHA

   o  TLS_DH_RSA_WITH_SEED_CBC_SHA

   o  TLS_DHE_DSS_WITH_SEED_CBC_SHA

   o  TLS_DHE_RSA_WITH_SEED_CBC_SHA

   o  TLS_DH_anon_WITH_SEED_CBC_SHA

   o  TLS_RSA_WITH_AES_128_GCM_SHA256

   o  TLS_RSA_WITH_AES_256_GCM_SHA384

   o  TLS_DH_RSA_WITH_AES_128_GCM_SHA256

   o  TLS_DH_RSA_WITH_AES_256_GCM_SHA384

   o  TLS_DH_DSS_WITH_AES_128_GCM_SHA256

   o  TLS_DH_DSS_WITH_AES_256_GCM_SHA384

   o  TLS_DH_anon_WITH_AES_128_GCM_SHA256

   o  TLS_DH_anon_WITH_AES_256_GCM_SHA384

   o  TLS_PSK_WITH_AES_128_GCM_SHA256

   o  TLS_PSK_WITH_AES_256_GCM_SHA384

   o  TLS_RSA_PSK_WITH_AES_128_GCM_SHA256

   o  TLS_RSA_PSK_WITH_AES_256_GCM_SHA384

   o  TLS_PSK_WITH_AES_128_CBC_SHA256

   o  TLS_PSK_WITH_AES_256_CBC_SHA384

   o  TLS_PSK_WITH_NULL_SHA256

   o  TLS_PSK_WITH_NULL_SHA384

   o  TLS_DHE_PSK_WITH_AES_128_CBC_SHA256

Top      Up      ToC       Page 88 
   o  TLS_DHE_PSK_WITH_AES_256_CBC_SHA384

   o  TLS_DHE_PSK_WITH_NULL_SHA256

   o  TLS_DHE_PSK_WITH_NULL_SHA384

   o  TLS_RSA_PSK_WITH_AES_128_CBC_SHA256

   o  TLS_RSA_PSK_WITH_AES_256_CBC_SHA384

   o  TLS_RSA_PSK_WITH_NULL_SHA256

   o  TLS_RSA_PSK_WITH_NULL_SHA384

   o  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256

   o  TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256

   o  TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256

   o  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256

   o  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256

   o  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256

   o  TLS_EMPTY_RENEGOTIATION_INFO_SCSV

   o  TLS_ECDH_ECDSA_WITH_NULL_SHA

   o  TLS_ECDH_ECDSA_WITH_RC4_128_SHA

   o  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

Top      Up      ToC       Page 89 
   o  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

   o  TLS_ECDHE_ECDSA_WITH_NULL_SHA

   o  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

   o  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

   o  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

   o  TLS_ECDH_RSA_WITH_NULL_SHA

   o  TLS_ECDH_RSA_WITH_RC4_128_SHA

   o  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA

   o  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

   o  TLS_ECDHE_RSA_WITH_NULL_SHA

   o  TLS_ECDHE_RSA_WITH_RC4_128_SHA

   o  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

   o  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

   o  TLS_ECDH_anon_WITH_NULL_SHA

   o  TLS_ECDH_anon_WITH_RC4_128_SHA

   o  TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

   o  TLS_ECDH_anon_WITH_AES_128_CBC_SHA

   o  TLS_ECDH_anon_WITH_AES_256_CBC_SHA

   o  TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA

   o  TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA

Top      Up      ToC       Page 90 
   o  TLS_SRP_SHA_WITH_AES_128_CBC_SHA

   o  TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA

   o  TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA

   o  TLS_SRP_SHA_WITH_AES_256_CBC_SHA

   o  TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA

   o  TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA

   o  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

   o  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

   o  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256

   o  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

   o  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

   o  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

   o  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256

   o  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

   o  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256

   o  TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384

   o  TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256

   o  TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384

   o  TLS_ECDHE_PSK_WITH_RC4_128_SHA

   o  TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA

   o  TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA

   o  TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA

   o  TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256

   o  TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384

Top      Up      ToC       Page 91 
   o  TLS_ECDHE_PSK_WITH_NULL_SHA

   o  TLS_ECDHE_PSK_WITH_NULL_SHA256

   o  TLS_ECDHE_PSK_WITH_NULL_SHA384

   o  TLS_RSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_RSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256

   o  TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384

   o  TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256

   o  TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384

   o  TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_DH_anon_WITH_ARIA_128_CBC_SHA256

   o  TLS_DH_anon_WITH_ARIA_256_CBC_SHA384

   o  TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_RSA_WITH_ARIA_128_GCM_SHA256

Top      Up      ToC       Page 92 
   o  TLS_RSA_WITH_ARIA_256_GCM_SHA384

   o  TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256

   o  TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384

   o  TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256

   o  TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384

   o  TLS_DH_anon_WITH_ARIA_128_GCM_SHA256

   o  TLS_DH_anon_WITH_ARIA_256_GCM_SHA384

   o  TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256

   o  TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384

   o  TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256

   o  TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384

   o  TLS_PSK_WITH_ARIA_128_CBC_SHA256

   o  TLS_PSK_WITH_ARIA_256_CBC_SHA384

   o  TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256

   o  TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384

   o  TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256

   o  TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384

   o  TLS_PSK_WITH_ARIA_128_GCM_SHA256

   o  TLS_PSK_WITH_ARIA_256_GCM_SHA384

   o  TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256

   o  TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384

   o  TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256

   o  TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384

   o  TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256

Top      Up      ToC       Page 93 
   o  TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256

Top      Up      ToC       Page 94 
   o  TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_RSA_WITH_AES_128_CCM

   o  TLS_RSA_WITH_AES_256_CCM

   o  TLS_RSA_WITH_AES_128_CCM_8

   o  TLS_RSA_WITH_AES_256_CCM_8

   o  TLS_PSK_WITH_AES_128_CCM

   o  TLS_PSK_WITH_AES_256_CCM

   o  TLS_PSK_WITH_AES_128_CCM_8

   o  TLS_PSK_WITH_AES_256_CCM_8

      Note: This list was assembled from the set of registered TLS
      cipher suites at the time of writing.  This list includes those
      cipher suites that do not offer an ephemeral key exchange and
      those that are based on the TLS null, stream, or block cipher type
      (as defined in Section 6.2.3 of [TLS12]).  Additional cipher
      suites with these properties could be defined; these would not be
      explicitly prohibited.

Top      Up      ToC       Page 95 
Acknowledgements

   This document includes substantial input from the following
   individuals:

   o  Adam Langley, Wan-Teh Chang, Jim Morrison, Mark Nottingham, Alyssa
      Wilk, Costin Manolache, William Chan, Vitaliy Lvin, Joe Chan, Adam
      Barth, Ryan Hamilton, Gavin Peters, Kent Alstad, Kevin Lindsay,
      Paul Amer, Fan Yang, and Jonathan Leighton (SPDY contributors).

   o  Gabriel Montenegro and Willy Tarreau (Upgrade mechanism).

   o  William Chan, Salvatore Loreto, Osama Mazahir, Gabriel Montenegro,
      Jitu Padhye, Roberto Peon, and Rob Trace (Flow control).

   o  Mike Bishop (Extensibility).

   o  Mark Nottingham, Julian Reschke, James Snell, Jeff Pinner, Mike
      Bishop, and Herve Ruellan (Substantial editorial contributions).

   o  Kari Hurtta, Tatsuhiro Tsujikawa, Greg Wilkins, Poul-Henning Kamp,
      and Jonathan Thackray.

   o  Alexey Melnikov, who was an editor of this document in 2013.

   A substantial proportion of Martin's contribution was supported by
   Microsoft during his employment there.

   The Japanese HTTP/2 community provided invaluable contributions,
   including a number of implementations as well as numerous technical
   and editorial contributions.

Top      Up      ToC       Page 96 
Authors' Addresses

   Mike Belshe
   BitGo

   EMail: mike@belshe.com


   Roberto Peon
   Google, Inc

   EMail: fenix@google.com


   Martin Thomson (editor)
   Mozilla
   331 E Evelyn Street
   Mountain View, CA  94041
   United States

   EMail: martin.thomson@gmail.com