[Cryptography] RFC7540 (HTTP/2) easter egg: "PRISM"
hbaker1 at pipeline.com
Tue Dec 1 18:00:29 EST 2015
FYI -- Thank you, Edward!
If you spy on an HTTP/2 connection starting up you'll notice that it sends an almost-but-not-quite valid HTTP request at the very start of the connection. Like this:
Written a little more clearly that's:
PRI * HTTP2.0
The HTTP verb is PRI and the body contains just SM. Put them together and you get... *PRISM.* This occurs right at the start of the connection to ensure that the server really supports HTTP/2.0. It is detailed in Section 3.5 of RFC7540 as follows:
More information about the cryptography