[Cryptography] RFC7540 (HTTP/2) easter egg: "PRISM"

Henry Baker hbaker1 at pipeline.com
Tue Dec 1 18:00:29 EST 2015

FYI -- Thank you, Edward!


If you spy on an HTTP/2 connection starting up you'll notice that it sends an almost-but-not-quite valid HTTP request at the very start of the connection.  Like this:


Written a little more clearly that's:

    PRI * HTTP2.0


The HTTP verb is PRI and the body contains just SM.  Put them together and you get... *PRISM.*  This occurs right at the start of the connection to ensure that the server really supports HTTP/2.0.  It is detailed in Section 3.5 of RFC7540 as follows:


More information about the cryptography mailing list