Skip to main content


Showing posts from November, 2015

The secret message hidden in every HTTP/2 connection

If you spy on an HTTP/2 connection starting up you'll notice that it sends an almost-but-not-quite valid HTTP request at the very start of the connection. Like this: Written a little more clearly that's: PRI * HTTP2.0 SM The HTTP verb is PRI and the body contains just SM . Put them together and you get... PRISM . This occurs right at the start of the connection to ensure that the server really supports HTTP/2.0. It is detailed in Section 3.5  of RFC7540 as follows: In HTTP/2, each endpoint is required to send a connection preface as a final confirmation of the protocol in use and to establish the initial settings for the HTTP/2 connection. The client and server each send a different connection preface. The client connection preface starts with a sequence of 24 octets, which in hex notation is: 0x505249202a20485454502f322e300d0a0d0a534d0d0a0d0a That is, the connection preface starts with the string "PRI * HTTP/2.0\r\n