Tech-invite3GPPspaceIETF RFCsSIP
929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 7540

Hypertext Transfer Protocol Version 2 (HTTP/2)

Pages: 96
Obsoleted by:  9113
Updated by:  8740
Part 5 of 5 – Pages 74 to 96
First   Prev   None

Top   ToC   RFC7540 - Page 74   prevText

11. IANA Considerations

A string for identifying HTTP/2 is entered into the "Application- Layer Protocol Negotiation (ALPN) Protocol IDs" registry established in [TLS-ALPN]. This document establishes a registry for frame types, settings, and error codes. These new registries appear in the new "Hypertext Transfer Protocol version 2 (HTTP/2) Parameters" section. This document registers the HTTP2-Settings header field for use in HTTP; it also registers the 421 (Misdirected Request) status code. This document registers the "PRI" method for use in HTTP to avoid collisions with the connection preface (Section 3.5).

11.1. Registration of HTTP/2 Identification Strings

This document creates two registrations for the identification of HTTP/2 (see Section 3.3) in the "Application-Layer Protocol Negotiation (ALPN) Protocol IDs" registry established in [TLS-ALPN]. The "h2" string identifies HTTP/2 when used over TLS: Protocol: HTTP/2 over TLS Identification Sequence: 0x68 0x32 ("h2") Specification: This document The "h2c" string identifies HTTP/2 when used over cleartext TCP: Protocol: HTTP/2 over TCP
Top   ToC   RFC7540 - Page 75
   Identification Sequence:  0x68 0x32 0x63 ("h2c")

   Specification:  This document

11.2. Frame Type Registry

This document establishes a registry for HTTP/2 frame type codes. The "HTTP/2 Frame Type" registry manages an 8-bit space. The "HTTP/2 Frame Type" registry operates under either of the "IETF Review" or "IESG Approval" policies [RFC5226] for values between 0x00 and 0xef, with values between 0xf0 and 0xff being reserved for Experimental Use. New entries in this registry require the following information: Frame Type: A name or label for the frame type. Code: The 8-bit code assigned to the frame type. Specification: A reference to a specification that includes a description of the frame layout, its semantics, and flags that the frame type uses, including any parts of the frame that are conditionally present based on the value of flags. The entries in the following table are registered by this document. +---------------+------+--------------+ | Frame Type | Code | Section | +---------------+------+--------------+ | DATA | 0x0 | Section 6.1 | | HEADERS | 0x1 | Section 6.2 | | PRIORITY | 0x2 | Section 6.3 | | RST_STREAM | 0x3 | Section 6.4 | | SETTINGS | 0x4 | Section 6.5 | | PUSH_PROMISE | 0x5 | Section 6.6 | | PING | 0x6 | Section 6.7 | | GOAWAY | 0x7 | Section 6.8 | | WINDOW_UPDATE | 0x8 | Section 6.9 | | CONTINUATION | 0x9 | Section 6.10 | +---------------+------+--------------+

11.3. Settings Registry

This document establishes a registry for HTTP/2 settings. The "HTTP/2 Settings" registry manages a 16-bit space. The "HTTP/2 Settings" registry operates under the "Expert Review" policy [RFC5226] for values in the range from 0x0000 to 0xefff, with values between and 0xf000 and 0xffff being reserved for Experimental Use.
Top   ToC   RFC7540 - Page 76
   New registrations are advised to provide the following information:

   Name:  A symbolic name for the setting.  Specifying a setting name is
      optional.

   Code:  The 16-bit code assigned to the setting.

   Initial Value:  An initial value for the setting.

   Specification:  An optional reference to a specification that
      describes the use of the setting.

   The entries in the following table are registered by this document.

   +------------------------+------+---------------+---------------+
   | Name                   | Code | Initial Value | Specification |
   +------------------------+------+---------------+---------------+
   | HEADER_TABLE_SIZE      | 0x1  | 4096          | Section 6.5.2 |
   | ENABLE_PUSH            | 0x2  | 1             | Section 6.5.2 |
   | MAX_CONCURRENT_STREAMS | 0x3  | (infinite)    | Section 6.5.2 |
   | INITIAL_WINDOW_SIZE    | 0x4  | 65535         | Section 6.5.2 |
   | MAX_FRAME_SIZE         | 0x5  | 16384         | Section 6.5.2 |
   | MAX_HEADER_LIST_SIZE   | 0x6  | (infinite)    | Section 6.5.2 |
   +------------------------+------+---------------+---------------+

11.4. Error Code Registry

This document establishes a registry for HTTP/2 error codes. The "HTTP/2 Error Code" registry manages a 32-bit space. The "HTTP/2 Error Code" registry operates under the "Expert Review" policy [RFC5226]. Registrations for error codes are required to include a description of the error code. An expert reviewer is advised to examine new registrations for possible duplication with existing error codes. Use of existing registrations is to be encouraged, but not mandated. New registrations are advised to provide the following information: Name: A name for the error code. Specifying an error code name is optional. Code: The 32-bit error code value. Description: A brief description of the error code semantics, longer if no detailed specification is provided.
Top   ToC   RFC7540 - Page 77
   Specification:  An optional reference for a specification that
      defines the error code.

   The entries in the following table are registered by this document.

   +---------------------+------+----------------------+---------------+
   | Name                | Code | Description          | Specification |
   +---------------------+------+----------------------+---------------+
   | NO_ERROR            | 0x0  | Graceful shutdown    | Section 7     |
   | PROTOCOL_ERROR      | 0x1  | Protocol error       | Section 7     |
   |                     |      | detected             |               |
   | INTERNAL_ERROR      | 0x2  | Implementation fault | Section 7     |
   | FLOW_CONTROL_ERROR  | 0x3  | Flow-control limits  | Section 7     |
   |                     |      | exceeded             |               |
   | SETTINGS_TIMEOUT    | 0x4  | Settings not         | Section 7     |
   |                     |      | acknowledged         |               |
   | STREAM_CLOSED       | 0x5  | Frame received for   | Section 7     |
   |                     |      | closed stream        |               |
   | FRAME_SIZE_ERROR    | 0x6  | Frame size incorrect | Section 7     |
   | REFUSED_STREAM      | 0x7  | Stream not processed | Section 7     |
   | CANCEL              | 0x8  | Stream cancelled     | Section 7     |
   | COMPRESSION_ERROR   | 0x9  | Compression state    | Section 7     |
   |                     |      | not updated          |               |
   | CONNECT_ERROR       | 0xa  | TCP connection error | Section 7     |
   |                     |      | for CONNECT method   |               |
   | ENHANCE_YOUR_CALM   | 0xb  | Processing capacity  | Section 7     |
   |                     |      | exceeded             |               |
   | INADEQUATE_SECURITY | 0xc  | Negotiated TLS       | Section 7     |
   |                     |      | parameters not       |               |
   |                     |      | acceptable           |               |
   | HTTP_1_1_REQUIRED   | 0xd  | Use HTTP/1.1 for the | Section 7     |
   |                     |      | request              |               |
   +---------------------+------+----------------------+---------------+

11.5. HTTP2-Settings Header Field Registration

This section registers the HTTP2-Settings header field in the "Permanent Message Header Field Names" registry [BCP90]. Header field name: HTTP2-Settings Applicable protocol: http Status: standard Author/Change controller: IETF
Top   ToC   RFC7540 - Page 78
   Specification document(s):  Section 3.2.1 of this document

   Related information:  This header field is only used by an HTTP/2
      client for Upgrade-based negotiation.

11.6. PRI Method Registration

This section registers the "PRI" method in the "HTTP Method Registry" ([RFC7231], Section 8.1). Method Name: PRI Safe: Yes Idempotent: Yes Specification document(s): Section 3.5 of this document Related information: This method is never used by an actual client. This method will appear to be used when an HTTP/1.1 server or intermediary attempts to parse an HTTP/2 connection preface.

11.7. The 421 (Misdirected Request) HTTP Status Code

This document registers the 421 (Misdirected Request) HTTP status code in the "HTTP Status Codes" registry ([RFC7231], Section 8.2). Status Code: 421 Short Description: Misdirected Request Specification: Section 9.1.2 of this document

11.8. The h2c Upgrade Token

This document registers the "h2c" upgrade token in the "HTTP Upgrade Tokens" registry ([RFC7230], Section 8.6). Value: h2c Description: Hypertext Transfer Protocol version 2 (HTTP/2) Expected Version Tokens: None Reference: Section 3.2 of this document
Top   ToC   RFC7540 - Page 79

12. References

12.1. Normative References

[COMPRESSION] Peon, R. and H. Ruellan, "HPACK: Header Compression for HTTP/2", RFC 7541, DOI 10.17487/RFC7541, May 2015, <http://www.rfc-editor.org/info/rfc7541>. [COOKIE] Barth, A., "HTTP State Management Mechanism", RFC 6265, DOI 10.17487/RFC6265, April 2011, <http://www.rfc-editor.org/info/rfc6265>. [FIPS186] NIST, "Digital Signature Standard (DSS)", FIPS PUB 186-4, July 2013, <http://dx.doi.org/10.6028/NIST.FIPS.186-4>. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>. [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, DOI 10.17487/ RFC2818, May 2000, <http://www.rfc-editor.org/info/rfc2818>. [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005, <http://www.rfc-editor.org/info/rfc3986>. [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, <http://www.rfc-editor.org/info/rfc4648>. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, DOI 10.17487/RFC5226, May 2008, <http://www.rfc-editor.org/info/rfc5226>. [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/ RFC5234, January 2008, <http://www.rfc-editor.org/info/rfc5234>. [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014, <http://www.rfc-editor.org/info/rfc7230>.
Top   ToC   RFC7540 - Page 80
   [RFC7231]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
                 Transfer Protocol (HTTP/1.1): Semantics and Content",
                 RFC 7231, DOI 10.17487/RFC7231, June 2014,
                 <http://www.rfc-editor.org/info/rfc7231>.

   [RFC7232]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
                 Transfer Protocol (HTTP/1.1): Conditional Requests",
                 RFC 7232, DOI 10.17487/RFC7232, June 2014,
                 <http://www.rfc-editor.org/info/rfc7232>.

   [RFC7233]     Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
                 "Hypertext Transfer Protocol (HTTP/1.1): Range
                 Requests", RFC 7233, DOI 10.17487/RFC7233, June 2014,
                 <http://www.rfc-editor.org/info/rfc7233>.

   [RFC7234]     Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
                 Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
                 RFC 7234, DOI 10.17487/RFC7234, June 2014,
                 <http://www.rfc-editor.org/info/rfc7234>.

   [RFC7235]     Fielding, R., Ed. and J. Reschke, Ed., "Hypertext
                 Transfer Protocol (HTTP/1.1): Authentication",
                 RFC 7235, DOI 10.17487/RFC7235, June 2014,
                 <http://www.rfc-editor.org/info/rfc7235>.

   [TCP]         Postel, J., "Transmission Control Protocol", STD 7, RFC
                 793, DOI 10.17487/RFC0793, September 1981,
                 <http://www.rfc-editor.org/info/rfc793>.

   [TLS-ALPN]    Friedl, S., Popov, A., Langley, A., and E. Stephan,
                 "Transport Layer Security (TLS) Application-Layer
                 Protocol Negotiation Extension", RFC 7301,
                 DOI 10.17487/RFC7301, July 2014,
                 <http://www.rfc-editor.org/info/rfc7301>.

   [TLS-ECDHE]   Rescorla, E., "TLS Elliptic Curve Cipher Suites with
                 SHA-256/384 and AES Galois Counter Mode (GCM)",
                 RFC 5289, DOI 10.17487/RFC5289, August 2008,
                 <http://www.rfc-editor.org/info/rfc5289>.

   [TLS-EXT]     Eastlake 3rd, D., "Transport Layer Security (TLS)
                 Extensions: Extension Definitions", RFC 6066,
                 DOI 10.17487/RFC6066, January 2011,
                 <http://www.rfc-editor.org/info/rfc6066>.
Top   ToC   RFC7540 - Page 81
   [TLS12]       Dierks, T. and E. Rescorla, "The Transport Layer
                 Security (TLS) Protocol Version 1.2", RFC 5246,
                 DOI 10.17487/ RFC5246, August 2008,
                 <http://www.rfc-editor.org/info/rfc5246>.

12.2. Informative References

[ALT-SVC] Nottingham, M., McManus, P., and J. Reschke, "HTTP Alternative Services", Work in Progress, draft-ietf- httpbis-alt-svc-06, February 2015. [BCP90] Klyne, G., Nottingham, M., and J. Mogul, "Registration Procedures for Message Header Fields", BCP 90, RFC 3864, September 2004, <http://www.rfc-editor.org/info/bcp90>. [BREACH] Gluck, Y., Harris, N., and A. Prado, "BREACH: Reviving the CRIME Attack", July 2013, <http://breachattack.com/resources/ BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf>. [HTML5] Hickson, I., Berjon, R., Faulkner, S., Leithead, T., Doyle Navara, E., O'Connor, E., and S. Pfeiffer, "HTML5", W3C Recommendation REC-html5-20141028, October 2014, <http://www.w3.org/TR/2014/REC-html5-20141028/>. [RFC3749] Hollenbeck, S., "Transport Layer Security Protocol Compression Methods", RFC 3749, DOI 10.17487/RFC3749, May 2004, <http://www.rfc-editor.org/info/rfc3749>. [RFC4492] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B. Moeller, "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)", RFC 4492, DOI 10.17487/RFC4492, May 2006, <http://www.rfc-editor.org/info/rfc4492>. [RFC6585] Nottingham, M. and R. Fielding, "Additional HTTP Status Codes", RFC 6585, DOI 10.17487/RFC6585, April 2012, <http://www.rfc-editor.org/info/rfc6585>. [RFC7323] Borman, D., Braden, B., Jacobson, V., and R. Scheffenegger, Ed., "TCP Extensions for High Performance", RFC 7323, DOI 10.17487/RFC7323, September 2014, <http://www.rfc-editor.org/info/rfc7323>. [TALKING] Huang, L., Chen, E., Barth, A., Rescorla, E., and C. Jackson, "Talking to Yourself for Fun and Profit", 2011, <http://w2spconf.com/2011/papers/websocket.pdf>.
Top   ToC   RFC7540 - Page 82
   [TLSBCP]      Sheffer, Y., Holz, R., and P. Saint-Andre,
                 "Recommendations for Secure Use of Transport Layer
                 Security (TLS) and Datagram Transport Layer Security
                 (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
                 2015, <http://www.rfc-editor.org/info/rfc7525>.
Top   ToC   RFC7540 - Page 83

Appendix A. TLS 1.2 Cipher Suite Black List

An HTTP/2 implementation MAY treat the negotiation of any of the following cipher suites with TLS 1.2 as a connection error (Section 5.4.1) of type INADEQUATE_SECURITY: o TLS_NULL_WITH_NULL_NULL o TLS_RSA_WITH_NULL_MD5 o TLS_RSA_WITH_NULL_SHA o TLS_RSA_EXPORT_WITH_RC4_40_MD5 o TLS_RSA_WITH_RC4_128_MD5 o TLS_RSA_WITH_RC4_128_SHA o TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 o TLS_RSA_WITH_IDEA_CBC_SHA o TLS_RSA_EXPORT_WITH_DES40_CBC_SHA o TLS_RSA_WITH_DES_CBC_SHA o TLS_RSA_WITH_3DES_EDE_CBC_SHA o TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA o TLS_DH_DSS_WITH_DES_CBC_SHA o TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA o TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA o TLS_DH_RSA_WITH_DES_CBC_SHA o TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA o TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA o TLS_DHE_DSS_WITH_DES_CBC_SHA o TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA o TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Top   ToC   RFC7540 - Page 84
   o  TLS_DHE_RSA_WITH_DES_CBC_SHA

   o  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_DH_anon_EXPORT_WITH_RC4_40_MD5

   o  TLS_DH_anon_WITH_RC4_128_MD5

   o  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA

   o  TLS_DH_anon_WITH_DES_CBC_SHA

   o  TLS_DH_anon_WITH_3DES_EDE_CBC_SHA

   o  TLS_KRB5_WITH_DES_CBC_SHA

   o  TLS_KRB5_WITH_3DES_EDE_CBC_SHA

   o  TLS_KRB5_WITH_RC4_128_SHA

   o  TLS_KRB5_WITH_IDEA_CBC_SHA

   o  TLS_KRB5_WITH_DES_CBC_MD5

   o  TLS_KRB5_WITH_3DES_EDE_CBC_MD5

   o  TLS_KRB5_WITH_RC4_128_MD5

   o  TLS_KRB5_WITH_IDEA_CBC_MD5

   o  TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA

   o  TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA

   o  TLS_KRB5_EXPORT_WITH_RC4_40_SHA

   o  TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5

   o  TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5

   o  TLS_KRB5_EXPORT_WITH_RC4_40_MD5

   o  TLS_PSK_WITH_NULL_SHA

   o  TLS_DHE_PSK_WITH_NULL_SHA

   o  TLS_RSA_PSK_WITH_NULL_SHA
Top   ToC   RFC7540 - Page 85
   o  TLS_RSA_WITH_AES_128_CBC_SHA

   o  TLS_DH_DSS_WITH_AES_128_CBC_SHA

   o  TLS_DH_RSA_WITH_AES_128_CBC_SHA

   o  TLS_DHE_DSS_WITH_AES_128_CBC_SHA

   o  TLS_DHE_RSA_WITH_AES_128_CBC_SHA

   o  TLS_DH_anon_WITH_AES_128_CBC_SHA

   o  TLS_RSA_WITH_AES_256_CBC_SHA

   o  TLS_DH_DSS_WITH_AES_256_CBC_SHA

   o  TLS_DH_RSA_WITH_AES_256_CBC_SHA

   o  TLS_DHE_DSS_WITH_AES_256_CBC_SHA

   o  TLS_DHE_RSA_WITH_AES_256_CBC_SHA

   o  TLS_DH_anon_WITH_AES_256_CBC_SHA

   o  TLS_RSA_WITH_NULL_SHA256

   o  TLS_RSA_WITH_AES_128_CBC_SHA256

   o  TLS_RSA_WITH_AES_256_CBC_SHA256

   o  TLS_DH_DSS_WITH_AES_128_CBC_SHA256

   o  TLS_DH_RSA_WITH_AES_128_CBC_SHA256

   o  TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

   o  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

   o  TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA

   o  TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA

   o  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA

   o  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

   o  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
Top   ToC   RFC7540 - Page 86
   o  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

   o  TLS_DH_DSS_WITH_AES_256_CBC_SHA256

   o  TLS_DH_RSA_WITH_AES_256_CBC_SHA256

   o  TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

   o  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

   o  TLS_DH_anon_WITH_AES_128_CBC_SHA256

   o  TLS_DH_anon_WITH_AES_256_CBC_SHA256

   o  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

   o  TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA

   o  TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA

   o  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA

   o  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

   o  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA

   o  TLS_PSK_WITH_RC4_128_SHA

   o  TLS_PSK_WITH_3DES_EDE_CBC_SHA

   o  TLS_PSK_WITH_AES_128_CBC_SHA

   o  TLS_PSK_WITH_AES_256_CBC_SHA

   o  TLS_DHE_PSK_WITH_RC4_128_SHA

   o  TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA

   o  TLS_DHE_PSK_WITH_AES_128_CBC_SHA

   o  TLS_DHE_PSK_WITH_AES_256_CBC_SHA

   o  TLS_RSA_PSK_WITH_RC4_128_SHA

   o  TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA

   o  TLS_RSA_PSK_WITH_AES_128_CBC_SHA
Top   ToC   RFC7540 - Page 87
   o  TLS_RSA_PSK_WITH_AES_256_CBC_SHA

   o  TLS_RSA_WITH_SEED_CBC_SHA

   o  TLS_DH_DSS_WITH_SEED_CBC_SHA

   o  TLS_DH_RSA_WITH_SEED_CBC_SHA

   o  TLS_DHE_DSS_WITH_SEED_CBC_SHA

   o  TLS_DHE_RSA_WITH_SEED_CBC_SHA

   o  TLS_DH_anon_WITH_SEED_CBC_SHA

   o  TLS_RSA_WITH_AES_128_GCM_SHA256

   o  TLS_RSA_WITH_AES_256_GCM_SHA384

   o  TLS_DH_RSA_WITH_AES_128_GCM_SHA256

   o  TLS_DH_RSA_WITH_AES_256_GCM_SHA384

   o  TLS_DH_DSS_WITH_AES_128_GCM_SHA256

   o  TLS_DH_DSS_WITH_AES_256_GCM_SHA384

   o  TLS_DH_anon_WITH_AES_128_GCM_SHA256

   o  TLS_DH_anon_WITH_AES_256_GCM_SHA384

   o  TLS_PSK_WITH_AES_128_GCM_SHA256

   o  TLS_PSK_WITH_AES_256_GCM_SHA384

   o  TLS_RSA_PSK_WITH_AES_128_GCM_SHA256

   o  TLS_RSA_PSK_WITH_AES_256_GCM_SHA384

   o  TLS_PSK_WITH_AES_128_CBC_SHA256

   o  TLS_PSK_WITH_AES_256_CBC_SHA384

   o  TLS_PSK_WITH_NULL_SHA256

   o  TLS_PSK_WITH_NULL_SHA384

   o  TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
Top   ToC   RFC7540 - Page 88
   o  TLS_DHE_PSK_WITH_AES_256_CBC_SHA384

   o  TLS_DHE_PSK_WITH_NULL_SHA256

   o  TLS_DHE_PSK_WITH_NULL_SHA384

   o  TLS_RSA_PSK_WITH_AES_128_CBC_SHA256

   o  TLS_RSA_PSK_WITH_AES_256_CBC_SHA384

   o  TLS_RSA_PSK_WITH_NULL_SHA256

   o  TLS_RSA_PSK_WITH_NULL_SHA384

   o  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256

   o  TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256

   o  TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256

   o  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256

   o  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256

   o  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256

   o  TLS_EMPTY_RENEGOTIATION_INFO_SCSV

   o  TLS_ECDH_ECDSA_WITH_NULL_SHA

   o  TLS_ECDH_ECDSA_WITH_RC4_128_SHA

   o  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Top   ToC   RFC7540 - Page 89
   o  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

   o  TLS_ECDHE_ECDSA_WITH_NULL_SHA

   o  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

   o  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

   o  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

   o  TLS_ECDH_RSA_WITH_NULL_SHA

   o  TLS_ECDH_RSA_WITH_RC4_128_SHA

   o  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA

   o  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

   o  TLS_ECDHE_RSA_WITH_NULL_SHA

   o  TLS_ECDHE_RSA_WITH_RC4_128_SHA

   o  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

   o  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

   o  TLS_ECDH_anon_WITH_NULL_SHA

   o  TLS_ECDH_anon_WITH_RC4_128_SHA

   o  TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

   o  TLS_ECDH_anon_WITH_AES_128_CBC_SHA

   o  TLS_ECDH_anon_WITH_AES_256_CBC_SHA

   o  TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA

   o  TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA

   o  TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
Top   ToC   RFC7540 - Page 90
   o  TLS_SRP_SHA_WITH_AES_128_CBC_SHA

   o  TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA

   o  TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA

   o  TLS_SRP_SHA_WITH_AES_256_CBC_SHA

   o  TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA

   o  TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA

   o  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

   o  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

   o  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256

   o  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

   o  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

   o  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

   o  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256

   o  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

   o  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256

   o  TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384

   o  TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256

   o  TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384

   o  TLS_ECDHE_PSK_WITH_RC4_128_SHA

   o  TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA

   o  TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA

   o  TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA

   o  TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256

   o  TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
Top   ToC   RFC7540 - Page 91
   o  TLS_ECDHE_PSK_WITH_NULL_SHA

   o  TLS_ECDHE_PSK_WITH_NULL_SHA256

   o  TLS_ECDHE_PSK_WITH_NULL_SHA384

   o  TLS_RSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_RSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256

   o  TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384

   o  TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256

   o  TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384

   o  TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_DH_anon_WITH_ARIA_128_CBC_SHA256

   o  TLS_DH_anon_WITH_ARIA_256_CBC_SHA384

   o  TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256

   o  TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384

   o  TLS_RSA_WITH_ARIA_128_GCM_SHA256
Top   ToC   RFC7540 - Page 92
   o  TLS_RSA_WITH_ARIA_256_GCM_SHA384

   o  TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256

   o  TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384

   o  TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256

   o  TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384

   o  TLS_DH_anon_WITH_ARIA_128_GCM_SHA256

   o  TLS_DH_anon_WITH_ARIA_256_GCM_SHA384

   o  TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256

   o  TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384

   o  TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256

   o  TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384

   o  TLS_PSK_WITH_ARIA_128_CBC_SHA256

   o  TLS_PSK_WITH_ARIA_256_CBC_SHA384

   o  TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256

   o  TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384

   o  TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256

   o  TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384

   o  TLS_PSK_WITH_ARIA_128_GCM_SHA256

   o  TLS_PSK_WITH_ARIA_256_GCM_SHA384

   o  TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256

   o  TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384

   o  TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256

   o  TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384

   o  TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
Top   ToC   RFC7540 - Page 93
   o  TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256

   o  TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384

   o  TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
Top   ToC   RFC7540 - Page 94
   o  TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256

   o  TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384

   o  TLS_RSA_WITH_AES_128_CCM

   o  TLS_RSA_WITH_AES_256_CCM

   o  TLS_RSA_WITH_AES_128_CCM_8

   o  TLS_RSA_WITH_AES_256_CCM_8

   o  TLS_PSK_WITH_AES_128_CCM

   o  TLS_PSK_WITH_AES_256_CCM

   o  TLS_PSK_WITH_AES_128_CCM_8

   o  TLS_PSK_WITH_AES_256_CCM_8

      Note: This list was assembled from the set of registered TLS
      cipher suites at the time of writing.  This list includes those
      cipher suites that do not offer an ephemeral key exchange and
      those that are based on the TLS null, stream, or block cipher type
      (as defined in Section 6.2.3 of [TLS12]).  Additional cipher
      suites with these properties could be defined; these would not be
      explicitly prohibited.
Top   ToC   RFC7540 - Page 95

Acknowledgements

This document includes substantial input from the following individuals: o Adam Langley, Wan-Teh Chang, Jim Morrison, Mark Nottingham, Alyssa Wilk, Costin Manolache, William Chan, Vitaliy Lvin, Joe Chan, Adam Barth, Ryan Hamilton, Gavin Peters, Kent Alstad, Kevin Lindsay, Paul Amer, Fan Yang, and Jonathan Leighton (SPDY contributors). o Gabriel Montenegro and Willy Tarreau (Upgrade mechanism). o William Chan, Salvatore Loreto, Osama Mazahir, Gabriel Montenegro, Jitu Padhye, Roberto Peon, and Rob Trace (Flow control). o Mike Bishop (Extensibility). o Mark Nottingham, Julian Reschke, James Snell, Jeff Pinner, Mike Bishop, and Herve Ruellan (Substantial editorial contributions). o Kari Hurtta, Tatsuhiro Tsujikawa, Greg Wilkins, Poul-Henning Kamp, and Jonathan Thackray. o Alexey Melnikov, who was an editor of this document in 2013. A substantial proportion of Martin's contribution was supported by Microsoft during his employment there. The Japanese HTTP/2 community provided invaluable contributions, including a number of implementations as well as numerous technical and editorial contributions.
Top   ToC   RFC7540 - Page 96

Authors' Addresses

Mike Belshe BitGo EMail: mike@belshe.com Roberto Peon Google, Inc EMail: fenix@google.com Martin Thomson (editor) Mozilla 331 E Evelyn Street Mountain View, CA 94041 United States EMail: martin.thomson@gmail.com