

4 Protocol Examples

In this example, the client attempts to access a protected resource. Because it has a client certificate configured, it advertises its willingness to renegotiate immediately.

During the TLS handshake, the client offers only cipher suites which are acceptable to it. From this list, the server selects the most preferred cipher suite. After the handshake concludes, HTTP/2 begins at the application layer.

| Frame | Description |
| --- | --- |
| PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n | Connection preface. |
| SETTINGS • Flags: ACK: 0 • Values: TLS_RENEG_PERMITTED (0x10): 0x02 | Client SETTINGS frame; leaves initial values unchanged, but sets TLS_RENEG_PERMITTED to support server-initiated renegotiation. |
| HEADERS • Flags: END_STREAM: 1, END_HEADERS: 1 • Header values: :method = GET, :scheme = https, :path = /protected_resource, host = example.org, accept = image/jpeg | HEADERS frame containing request. As this is the only frame needed to convey the request, the END_STREAM and END_HEADERS flags are set. |

The server handles the connection.

| Frame | Description |
| --- | --- |
| SETTINGS • Flags: ACK: 0 • Values: TLS_RENEG_PERMITTED (0x10): 0x02 | Server SETTINGS frame; leaves initial values unchanged, but sets TLS_RENEG_PERMITTED to support server-initiated renegotiation. |
| SETTINGS • Flags: ACK: 1 • Values: None | Server acknowledgment of client SETTINGS frame. Acknowledgments contain no values. |

Because both sides have indicated support for server-initiated renegotiation, when processing the request for a protected resource, the server triggers the TLS layer to renegotiate, this time requesting a client certificate.
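The check the server performs at this point can be expressed over the raw SETTINGS frames. The following Python is an added example, not part of the specification: it serializes and parses frames with standard HTTP/2 framing (9-byte header, 6-byte setting entries) and allows server-initiated renegotiation only when both peers advertised TLS_RENEG_PERMITTED (0x10) with the value 0x02 used above. Treating every other value as a refusal, and all function names, are assumptions of this example.

```python
import struct

SETTINGS, ACK = 0x4, 0x1        # frame type and flag bit, standard HTTP/2 framing
TLS_RENEG_PERMITTED = 0x10      # setting identifier shown in the frames above
SERVER_INITIATED = 0x02         # value both peers advertise in this example
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"

def frame(ftype, flags, stream_id, payload=b""):
    """Serialize a frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    return len(payload).to_bytes(3, "big") + struct.pack(">BBI", ftype, flags, stream_id) + payload

def settings(values=None, ack=False):
    body = b"".join(struct.pack(">HI", k, v) for k, v in (values or {}).items())
    return frame(SETTINGS, ACK if ack else 0, 0, body)

def parse_frames(buf):
    """Yield (type, flags, stream_id, payload); reject truncated input."""
    pos = 0
    while pos < len(buf):
        end = pos + 9 + int.from_bytes(buf[pos:pos + 3], "big")
        if end > len(buf):
            raise ValueError("truncated frame")
        ftype, flags, sid = struct.unpack(">BBI", buf[pos + 3:pos + 9])
        yield ftype, flags, sid & 0x7FFFFFFF, buf[pos + 9:end]
        pos = end

def advertised_reneg(buf):
    """Return the TLS_RENEG_PERMITTED value found in buf, or None if absent."""
    value = None
    for ftype, flags, sid, payload in parse_frames(buf):
        if ftype != SETTINGS:
            continue
        if sid != 0 or len(payload) % 6 or (flags & ACK and payload):
            raise ValueError("malformed SETTINGS frame")
        for off in range(0, len(payload), 6):
            ident, val = struct.unpack(">HI", payload[off:off + 6])
            value = val if ident == TLS_RENEG_PERMITTED else value
    return value

def server_may_renegotiate(client_bytes, server_bytes):
    """True only if both peers advertised 0x02 (assumption: other values deny)."""
    if not client_bytes.startswith(PREFACE):
        raise ValueError("missing connection preface")
    return (advertised_reneg(client_bytes[len(PREFACE):]) == SERVER_INITIATED
            and advertised_reneg(server_bytes) == SERVER_INITIATED)

# Constructed byte streams mirroring the SETTINGS exchange above (not a capture).
CLIENT = PREFACE + settings({TLS_RENEG_PERMITTED: SERVER_INITIATED}) + settings(ack=True)
SERVER = settings({TLS_RENEG_PERMITTED: SERVER_INITIATED}) + settings(ack=True)
```

A SETTINGS acknowledgment that carries values, a SETTINGS frame on a non-zero stream, or a truncated frame raises `ValueError` rather than being silently accepted.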

After renegotiation completes, the server responds with the protected resource if the client certificate verifies access.

| Frame | Description |
| --- | --- |
| HEADERS • Flags: END_STREAM: 0, END_HEADERS: 1 • Header values: :status = 200, content-type = application/octet-stream, content-length = <length of file> | HEADERS frame containing response. The END_STREAM flag is not set, as the body follows. |
| DATA • Flags: END_STREAM: 1 • Payload: <content of file> | Response body. As the final frame of the response, the END_STREAM flag is set. |

The request complete, the client terminates the connection after optionally sending a GOAWAY frame.

| Frame | Description |
| --- | --- |
| SETTINGS • Flags: ACK: 1 • Values: None | Client acknowledgment of server SETTINGS frame. Acknowledgments contain no values. |
| GOAWAY • Last-Stream-ID: 0 • Error Code: NO_ERROR | Optional GOAWAY frame indicating that the client will make no further requests. |

The server notifies the TCP layer to close the connection, after optionally sending a GOAWAY frame itself.

| Frame | Description |
| --- | --- |
| GOAWAY • Last-Stream-ID: 1 • Error Code: NO_ERROR | Optional GOAWAY frame indicating that the server expects no further requests. |