Posted to cvs@httpd.apache.org by ic...@apache.org on 2019/03/07 10:18:14 UTC
svn commit: r1854964 - /httpd/httpd/trunk/docs/manual/mod/mod_http2.xml
Author: icing
Date: Thu Mar 7 10:18:14 2019
New Revision: 1854964
URL: http://svn.apache.org/viewvc?rev=1854964&view=rev
Log:
Adding new H2Padding directive.
Modified:
httpd/httpd/trunk/docs/manual/mod/mod_http2.xml
Modified: httpd/httpd/trunk/docs/manual/mod/mod_http2.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_http2.xml?rev=1854964&r1=1854963&r2=1854964&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_http2.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_http2.xml Thu Mar 7 10:18:14 2019
@@ -946,4 +946,41 @@ H2TLSCoolDownSecs 0
</usage>
</directivesynopsis>
+ <directivesynopsis>
+ <name>H2Padding</name>
+ <description>Determine the range of padding bytes added to payload frames</description>
+ <syntax>H2Padding numbits</syntax>
+ <default>H2Padding 0</default>
+ <contextlist>
+ <context>server config</context>
+ <context>virtual host</context>
+ </contextlist>
+ <compatibility>Available in version 2.4.39 and later.</compatibility>
+
+ <usage>
+ <p>
+ With the default 0, no padding bytes are added to any payload
+ frames, e.g. HEADERS, DATA and PUSH_PROMISE. This is the behaviour
+ of previous versions. It means that under certain conditions, an
+ observer of network traffic can see the length of those frames
+ in the TLS stream.
+ </p>
+ <p>
+ When configuring numbits of 1-8, a random number in range
+ [0, 2^numbits[ are added to each frame. The random value is chosen
+ independantly for each frame that the module sends back to the client.
+ </p>
+ <p>
+ While more padding bytes give better message length obfuscation, they
+ are also additional traffic. The optimal number therefore depends on
+ the kind of web traffic the server carries.
+ </p>
+ <p>
+ The default of 0, e.g. no padding, was chosen for maximum backward
+ compatibility. There might be deployments where padding bytes are
+ unwanted or do harm. The most likely cause would be a client that
+ has a faults implementation.
+ </p>
+ </usage>
+ </directivesynopsis>
</modulesynopsis>
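Review bot: In the second <p> of the new usage text, "a random number in range [0, 2^numbits[ are added to each frame" never says what is being added and the verb does not agree with its subject; suggest "a random number of padding bytes in the range [0, 2^numbits) is added to each frame". In the same paragraph "independantly" should be "independently". In the last paragraph "e.g. no padding" should read "i.e. no padding", and "has a faults implementation" should be "has a faulty implementation". The first paragraph says the frame lengths are visible "under certain conditions" without naming any; since this is the security rationale for the directive, either state the conditions or drop the qualifier. The syntax line gives only "numbits" while the text mentions 0 and 1-8, so it would help to state the accepted range in one place and say how values outside it are handled.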