What works:
- HTTP/2 over TLS1.2 with ALPN
- Request and response flow
- Headers are compressed and decompressed with HPACK
- Request body can be read by streams (if present)
- MVC template app with individual auth works fine
- PRIORITY frames are validated
- RST_STREAM frames are validated and abort streams
- SETTINGS frames are validated and ACKed
- PING frames are validated and ACKed
- GOAWAY frames stop connections
- WINDOW_UPDATE frames are validated
- CONTINUATION frames are sent for large header blocks
What doesn't work yet:
- Flow control in either direction
- It's not possible to encode a single header across more than one frame
- Affects only a very large header (name and value combined ~16KB long)
- Request trailers
- Response trailers
- Limits and timeouts in `KestrelServerLimits` are not enforced on HTTP/2
- HPACK use is very limited on the send side
- Literals are not Huffman-encoded
- Common headers (e.g. "server: Kestrel") are never indexed
- Honoring client settings
- Some error checking is still missing (e.g. validating incoming frame size)
Mike Harder
Cesar Blum Silveira