Synopsys Software Integrity Group is now operating as Black Duck Software, Inc., a subsidiary of Synopsys. Click to learn more.

close search bar

Sorry, not available in this language yet

close language selection
HTTP3 Server Test Suite Data Sheet
Test Suite:
HTTP3 Server Test Suite
Direction:
Server

HTTP/3 is the 3rd major version of the HTTP protocol. HTTP/3 adopts binary frame format from HTTP/2, but adds own updates to frame formats. Unlike its predecessors that used TCP/TLS, HTTP/3 runs over QUIC protocol. QUIC is a multiplexed streaming protocol, which runs on top of UDP and secures all connections using TLS 1.3.

Used specifications

Specification
Title
Notes
RFC2068
Hypertext Transfer Protocol -- HTTP/1.1
Only Link header
RFC2617
HTTP Authentication: Basic and Digest Access Authentication
Anomaly only
RFC3986
Uniform Resource Identifier (URI): Generic Syntax
RFC4122
A Universally Unique IDentifier (UUID) URN Namespace
Anomaly only
RFC5322
Internet Message Format
FROM header mailbox specification only.
RFC5646
Tags for Identifying Languages
RFC5789
PATCH Method for HTTP
RFC5987
Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters
RFC6265
HTTP State Management Mechanism
QPACK header fields
RFC6266
Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)
QPACK header fields
RFC6454
The Web Origin Concept
QPACK header fields
RFC6797
HTTP Strict Transport Security (HSTS)
QPACK header fields
RFC6874
Representing IPv6 Zone Identifiers in Address Literals and Uniform Resource Identifiers
QPACK header fields
RFC7230
Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
QPACK header fields
RFC7231
Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
QPACK header fields
RFC7232
Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests
QPACK header fields
RFC7233
Hypertext Transfer Protocol (HTTP/1.1): Caching
QPACK header fields
RFC7234
Hypertext Transfer Protocol (HTTP/1.1): Range Requests
QPACK header fields
RFC7235
Hypertext Transfer Protocol (HTTP/1.1): Authentication
QPACK header fields
RFC7239
Forwarded HTTP Extension
QPACK header fields
RFC7838
HTTP Alternative Services
QPACK header fields
RFC8288
Web Linking
QPACK header fields
RFC8470
Using Early Data in HTTP
QPACK header fields
RFC9114
HTTP/3
HTTP/3 Main specification
RFC9163
Expect-CT Extension for HTTP
QPACK header fields
RFC9204
QPACK: Field Compression for HTTP/3
HTTP/3 Main specification
RFC9218
Extensible Prioritization Scheme for HTTP
HTTP/3 Extension
RFC9220
Bootstrapping WebSockets with HTTP/3
HTTP/3 Extension

Tool-specific information

Tested HTTP/3 frames
Specifications
Notes
0x00 - DATA
RFC9114
0x01 - HEADERS
RFC9114
0x03 - CANCEL_PUSH
RFC9114
0x04 - SETTINGS
RFC9114
0x05 - PUSH_PROMISE
RFC9114
0x07 - GOAWAY
RFC9114
0x0d - MAX_PUSH_ID
RFC9114
0xf0700 - PRIORITY_UPDATE
RFC9218
Request stream specific priority update
0xf0701 - PRIORITY_UPDATE
RFC9218
Push stream specific priority update

Tested HTTP/3 Stream Header messages
Specifications
Notes
0x00 - Control Stream Header
RFC9114
0x01 - Push Stream Header
RFC9114
0x02 - QPACK Encoder Stream Header
RFC9204
0x03 - QPACK Decoder Stream Header
RFC9204

Tested QPACK Encoder instructions
Specifications
Notes
Set Dynamic Table Capacity
RFC9204
Insert With Name Reference
RFC9204
Insert With Literal Name
RFC9204
Duplicate
RFC9204

Tested QPACK Decoder instructions
Specifications
Notes
Section Acknowledgment
RFC9204
Stream Cancellation
RFC9204
Insert Count Increment
RFC9204

Supported features
Specifications
Notes
Sending and receiving HTTP/3 request stream messages over bidirectional QUIC streams.
RFC9114, RFC9000
HTTP/3 Request Stream frames
Sending and receiving HTTP/3 control stream messages over unidirectional QUIC streams.
RFC9114, RFC9204, RFC9000
HTTP/3 Control Stream frames
Receiving HTTP/3 push stream messages over unidirectional QUIC streams.
RFC9114, RFC9000
HTTP/3 Push Stream frames
Sending and receiving QPACK Encoder messages over unidirectional QUIC streams.
RFC9204, RFC9000
QPACK Encoder Stream instruction blocks
Sending and receiving QPACK Decoder messages over unidirectional QUIC streams.
RFC9204, RFC9000
QPACK Decoder Stream instruction blocks
Huffman encoding
RFC9204
Optional Huffman encoding for QPACK Header Fields.
Deflate content encoding
RFC1951
DEFLATE compressed data format for HTTP content.
GZIP content encoding
RFC1952
GZIP file format compression method for HTTP content.

Unsupported features
Specifications
Notes
HTTP authentication mechanisms
RFC6749, RFC5849
Suite doesn't support any dynamic HTTP authentication mechanisms.
QUIC 0-RTT TLS hanshake
RFC9000, RFC8446
Suite doesn't support the 0-RTT TLS handshake feature for QUIC.
HTTP/3 0-RTT session resumption
RFC9114
Suite doesn't support the 0-RTT session resumption for HTTP/3.
HTTP/3 specific error codes in QUIC
RFC9114, RFC9204, RFC9000
Suite doesn't support sending HTTP/3 connection or stream error codes over QUIC when closing a QUIC connection after erroneous HTTP/3 scenarios.
Web applications over HTTP/3
RFC9114
Suite doesn't support fuzzing web application specific logic.
HTTP/1.1 with Alternative Services
RFC9114
Suite doesn't support sending or receiving HTTP/1.1 messages.
HTTP/2 with Alternative Services
RFC9114
Suite doesn't support sending or receiving HTTP/2 messages.
QPACK dynamic table memory state tracking
RFC9204
Suite doesn't keep track of QPACK dynamic table indexes.
QPACK instructions fragmented over multiple QUIC packets
RFC9204
Suite doesn't support receiving QPACK instructions fragmented over multiple QUIC packets.
WebSocket frames with HTTP/3
RFC9220, RFC6455
Suite doesn't fuzz or include built-in WebSocket frame data.
QUIC datagrams
draft-ietf-masque-h3-datagram-11
Suite doesn't support sending HTTP/3 specific QUIC datagram frames.
Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis