HTTP2 Client Test Suite Data Sheet

Test Suite: HTTP2 Client Test Suite
Direction: Client

The HTTP2 protocol is a new version of HTTP/1.1 and it contains major changes. For example, where HTTP/1.1 was a textual protocol, HTTP2 is a binary protocol. Additionally, HTTP2 supports multiple concurrent streams over a single TCP connection, and its headers are packed and can be encoded with Huffman encoding. With these changes, faster response times between server and client can be achieved.

Used specifications

| Specification | Title | Notes |
|---|---|---|
| RFC2068 | Hypertext Transfer Protocol -- HTTP/1.1 | Only Link header |
| RFC2617 | HTTP Authentication: Basic and Digest Access Authentication | |
| RFC3986 | Uniform Resource Identifier (URI): Generic Syntax | |
| RFC4122 | A Universally Unique IDentifier (UUID) URN Namespace | Anomaly only |
| RFC5322 | Internet Message Format | FROM header mailbox specification only. |
| RFC5646 | Tags for Identifying Languages | |
| RFC5789 | PATCH Method for HTTP | |
| RFC5987 | Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters | |
| RFC6265 | HTTP State Management Mechanism | Anomaly only |
| RFC6266 | Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP) | Anomaly only |
| RFC6454 | The Web Origin Concept | Anomaly only |
| RFC6797 | HTTP Strict Transport Security (HSTS) | Anomaly only |
| RFC6874 | Representing IPv6 Zone Identifiers in Address Literals and Uniform Resource Identifiers | |
| RFC7230 | Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing | |
| RFC7231 | Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content | |
| RFC7232 | Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests | |
| RFC7233 | Hypertext Transfer Protocol (HTTP/1.1): Caching | |
| RFC7234 | Hypertext Transfer Protocol (HTTP/1.1): Range Requests | |
| RFC7235 | Hypertext Transfer Protocol (HTTP/1.1): Authentication | |
| RFC7540 | Hypertext Transfer Protocol Version 2 (HTTP/2) | HTTP/2 main specification |
| RFC7541 | HPACK: Header Compression for HTTP/2 | |
| RFC7838 | HTTP Alternative Services | HTTP/2 Extension |
| RFC8288 | Web Linking | |
| RFC8338 | The ORIGIN HTTP/2 Frame | HTTP/2 Extension |
| RFC8441 | Bootstrapping WebSockets with HTTP/2 | Anomaly only |
| MS-HTTP2E | [MS-HTTP2E]: Hypertext Transfer Protocol Version 2 (HTTP/2) Extension - Protocol Version 3 | HTTP/2 Extension (Anomaly only) |
| draft-xie-bidirectional-messaging-02 | An HTTP/2 Extension for Bidirectional Message Communication | |

Tool-specific information

| Tested messages | Specifications | Notes |
|---|---|---|
| 0 - DATA | RFC7540 | |
| 1 - HEADERS | RFC7540 | |
| 2 - PRIORITY | RFC7540 | |
| 3 - RST_STREAM | RFC7540 | |
| 4 - SETTINGS | RFC7540 | |
| 5 - PUSH_PROMISE | RFC7540 | |
| 6 - PING | RFC7540 | |
| 7 - GOAWAY | RFC7540 | |
| 8 - WINDOW_UPDATE | RFC7540 | |
| 9 - CONTINUATION | RFC7540 | |
| 10 - ALTSVC | RFC7838 | HTTP/2 Extension |
| 12 - ORIGIN | RFC8336 | HTTP/2 Extension |
| 251 - XHEADERS | draft-xie-bidirectional-messaging-02 | HTTP/2 Extension |

| Supported features | Specification | Notes |
|---|---|---|
| HTTP/2 over TCP | RFC7540 | HTTP2 over TCP (h2c). |
| HTTP/2 over TLS | RFC7540 | HTTP2 over TLS (h2). |
| Huffman encoding | RFC7541 | HPACK Huffman encoding for HTTP/2 Literal Header values. |
| Deflate content encoding | RFC1951 | DEFLATE compressed data format for HTTP content. |
| GZIP content encoding | RFC1952 | GZIP file format compression method for HTTP content. |

| Unsupported features | Specification | Notes |
|---|---|---|
| HTTP/1.x Upgrade to HTTP/2 connection | RFC7540 | Upgrading connection from HTTP/1.x to HTTP/2. Parsing HTTP/1.x messages is not supported. |
| HPACK Dynamic table memory | RFC7541 | Suite doesn't keep track of HPACK dynamic table indexes. |
| WebSocket connection | RFC8441 | Suite doesn't include built-in WebSocket connection initiation or messages during test run. |
| TLS renegotiation | MS-HTTP2E | TLS renegotiation or initiating alternative connections during the test run. |
| HTTP authentication mechanisms | RFC6749, RFC5849 | Suite doesn't support any dynamic HTTP authentication mechanisms, for example OAuth 2.0. |

| Supported SafeGuard checks | Notes |
|---|---|
| Information leakage | Echobleed for Ping. |
| Unprotected credentials | Secure connection usage. |

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI, command line, and remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis