Skip to content

Commit

Permalink
secure URLs
Browse files Browse the repository at this point in the history
and fix/secure a broken link pointing to the
"High Performance Browser Networking" book.
  • Loading branch information
vszakats authored and bagder committed Mar 26, 2018
1 parent 2351f0b commit b9f99ed
Show file tree
Hide file tree
Showing 99 changed files with 245 additions and 245 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ LICENSE
-------

The document is distributed under the Creative Commons Attribution 4.0
license: http://creativecommons.org/licenses/by/4.0/
license: https://creativecommons.org/licenses/by/4.0/

CONTRIBUTING
------------
Expand Down
2 changes: 1 addition & 1 deletion de/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ Es beschreibt das Konzept, das Protokoll einige Implementierungen und über die

Die Original-Seite zu diesem Projekt findest du unter folgender URL.

http://daniel.haxx.se/http2/
https://daniel.haxx.se/http2/

Unter https://github.com/bagder/http2-explained ist der Quelltext
zum ganzen Buch mit allen Übersetzungen zu finden.
Expand Down
10 changes: 5 additions & 5 deletions de/part1.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ Dieses Dokument beschreibt den technischen Aufbau und das Protokoll http2.
Was als Präsentation im April 2014 in Stockholm anfing wurde daraufhin zu einer detaillierten Dokumentation und fügte einige sachgerechte Erklärungen hinzu

RFC 7540 ist der offizielle Standard der letzten Spezifikation von http2. Am 15. Mai 2015 wurde diese veröffentlicht.
URL: http://www.rfc-editor.org/rfc/rfc7540.txt
URL: https://www.rfc-editor.org/rfc/rfc7540.txt

Jegliche Fehler in diesem Dokument basieren auf meinem Verständnis der Materie. Ich bin offen für jede Korrektur welche beim update auf eine neue Version behoben wird.

Expand All @@ -20,21 +20,21 @@ Der Name des original Autors ist Daniel Stenberg welcher für Mozilla arbeitet.

Twitter: [@bagder](https://twitter.com/bagder)

Web: [daniel.haxx.se](http://daniel.haxx.se/)
Web: [daniel.haxx.se](https://daniel.haxx.se/)

Blog: [daniel.haxx.se/blog](http://daniel.haxx.se/blog/)
Blog: [daniel.haxx.se/blog](https://daniel.haxx.se/blog/)

## 1.2 Hilfe!

Falls du Fehler, Missverständnisse oder offensichtliche Lügen in diesem Dokument findest sende mir bitte eine verbesserte Version des betroffene Paragrafen und Ich erstelle eine novelliert Version des Dokumentes. Du wirst natürlich als Autor ordnungsgemäß als Mitautor aufgelistet. Ich hoffe damit dieses Dokument mit der Zeit immer wieder zu verbessern.

Dieses Dokument ist unter der folgenden URL verfügbar. [http://daniel.haxx.se/http2](http://daniel.haxx.se/http2)
Dieses Dokument ist unter der folgenden URL verfügbar. [https://daniel.haxx.se/http2](https://daniel.haxx.se/http2)

## 1.3 Lizenz

<img style="float: right;" src="https://raw.githubusercontent.com/bagder/http2-explained/master/images/creative-commons.png" />

Dieses Dokument ist unter der „Creative Commons Attribution 4.0“ Lizenz veröffentlicht: http://creativecommons.org/licenses/by/4.0/
Dieses Dokument ist unter der „Creative Commons Attribution 4.0“ Lizenz veröffentlicht: https://creativecommons.org/licenses/by/4.0/

## 1.4 Dokument Historie

Expand Down
6 changes: 3 additions & 3 deletions en/part1.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ out as a presentation Daniel did in Stockholm in April 2014 that was
subsequently converted and extended into a full-blown document with all
details and proper explanations.

RFC 7540 is the official name of the final http2 specification and it was published on May 15th 2015: http://www.rfc-editor.org/rfc/rfc7540.txt
RFC 7540 is the official name of the final http2 specification and it was published on May 15th 2015: https://www.rfc-editor.org/rfc/rfc7540.txt

All and any errors in this document are my own and the results of my
shortcomings. Please point them out and they will be fixed in updated
Expand Down Expand Up @@ -37,13 +37,13 @@ the http2 standardization work.

If you find mistakes, omissions, errors or blatant lies in this document, please send me a refreshed version of the affected paragraph and I'll make amended versions. I will give proper credits to everyone who helps out! I hope to make this document better over time.

This document is available at [http://daniel.haxx.se/http2](http://daniel.haxx.se/http2)
This document is available at [https://daniel.haxx.se/http2](https://daniel.haxx.se/http2)

## 1.3 License

<img style="float: right;" src="https://raw.githubusercontent.com/bagder/http2-explained/master/images/creative-commons.png" />

This document is licensed under the Creative Commons Attribution 4.0 license: http://creativecommons.org/licenses/by/4.0/
This document is licensed under the Creative Commons Attribution 4.0 license: https://creativecommons.org/licenses/by/4.0/

## 1.4 Document history

Expand Down
8 changes: 4 additions & 4 deletions en/part11.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# 11. http2 in curl

The [curl project](http://curl.haxx.se/) has been providing experimental http2
The [curl project](https://curl.haxx.se/) has been providing experimental http2
support since September 2013.

In the spirit of curl, we intend to support just about every aspect of http2 that we possibly can. curl is often used as a test tool and tinkerer's way to poke on web sites and we intend to keep that up for http2 as well.
Expand Down Expand Up @@ -46,22 +46,22 @@ if it can, but otherwise continue to operate with HTTP 1.1.

As libcurl tries to maintain existing behaviors to a far extent, you need to
enable HTTP/2 multiplexing for your application with the
[CURLMOPT_PIPELINING](http://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html)
[CURLMOPT_PIPELINING](https://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html)
option. Otherwise it will continue using one request at a time per connection.

Another little detail to keep in mind is that if you ask for several transfers
at once with libcurl, using its multi interface, an applicaton can very well
start any number of transfers at once and if you then rather have libcurl wait
a little to add them all over the same connection rather than opening new
connections for all of them at once, you use the
[CURLOPT_PIPEWAIT](http://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html) option
[CURLOPT_PIPEWAIT](https://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html) option
for each individual transfer you rather wait.

### 11.5.3 Server push

libcurl 7.44.0 and later supports HTTP/2 server push. You can take advantage
of this feature by setting up a push callback with the
[CURLMOPT_PUSHFUNCTION](http://curl.haxx.se/libcurl/c/CURLMOPT_PUSHFUNCTION.html)
[CURLMOPT_PUSHFUNCTION](https://curl.haxx.se/libcurl/c/CURLMOPT_PUSHFUNCTION.html)
option. If the push is accepted by the application, it'll create a new
transfer as an CURL easy handle and deliver content on it, just like any other
transfer.
2 changes: 1 addition & 1 deletion en/part12.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,4 @@ Google's [QUIC](https://www.chromium.org/quic) (Quick UDP Internet Connections)

QUIC allows the creation of connections with much less latency, it solves packet loss to only block individual streams instead of all of them like it does for HTTP/2 and it makes connections possible to be done over different network interfaces easily - thus also covering areas MPTCP is meant to solve.

QUIC is so far only implemented by Google in Chrome and their server ends and that code is not easily re-used elsewhere, even if there's a [libquic](https://github.com/devsisters/libquic) effort trying exactly that. The protocol has been brought as a [draft](http://tools.ietf.org/html/draft-tsvwg-quic-protocol-01) to the IETF transport working group.
QUIC is so far only implemented by Google in Chrome and their server ends and that code is not easily re-used elsewhere, even if there's a [libquic](https://github.com/devsisters/libquic) effort trying exactly that. The protocol has been brought as a [draft](https://tools.ietf.org/html/draft-tsvwg-quic-protocol-01) to the IETF transport working group.
8 changes: 4 additions & 4 deletions en/part13.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@

If you think this document was a bit light on content or technical details, here are additional resources to help you satisfy your curiosity:

- The HTTPbis mailing list and its archives: http://lists.w3.org/Archives/Public/ietf-http-wg/
- The HTTPbis mailing list and its archives: https://lists.w3.org/Archives/Public/ietf-http-wg/

- The actual http2 specification in a HTMLified version: https://httpwg.github.io/specs/rfc7540.html

- Firefox http2 networking details: https://wiki.mozilla.org/Networking/http2

- curl http2 implementation details: http://curl.haxx.se/docs/http2.html
- curl http2 implementation details: https://curl.haxx.se/docs/http2.html

- The http2 web site: http://http2.github.io/ and perhaps in particular the FAQ: http://http2.github.io/faq/
- The http2 web site: https://http2.github.io/ and perhaps in particular the FAQ: https://http2.github.io/faq/

- Ilya Grigorik's HTTP/2 chapter in his book “High Performance Browser Networking”: http://chimera.labs.oreilly.com/books/1230000000545/ch12.html
- Ilya Grigorik's HTTP/2 chapter in his book “High Performance Browser Networking”: https://hpbn.co/http2/
2 changes: 1 addition & 1 deletion en/part14.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

Inspiration and the package format Lego image from Mark Nottingham.

HTTP trend data comes from http://httparchive.org.
HTTP trend data comes from https://httparchive.org/.

The RTT graph comes from presentations done by Mike Belshe.

Expand Down
4 changes: 2 additions & 2 deletions en/part4.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,11 @@ Some of the bigger players in the HTTP field have been missing from the working

### 4.1.1. The "bis" part of the name

The group is named HTTPbis where the "bis" part comes from the [Latin adverb for two](http://en.wiktionary.org/wiki/bis#Latin). Bis is commonly used as a suffix or part of the name within the IETF for an update or the second take on a spec; in this case, the update to HTTP 1.1.
The group is named HTTPbis where the "bis" part comes from the [Latin adverb for two](https://en.wiktionary.org/wiki/bis#Latin). Bis is commonly used as a suffix or part of the name within the IETF for an update or the second take on a spec; in this case, the update to HTTP 1.1.

## 4.2. http2 started from SPDY

[SPDY](http://en.wikipedia.org/wiki/SPDY) is a protocol that was developed and spearheaded by Google. They certainly developed it in the open and invited everyone to participate but it was obvious that they benefited by being in control over both a popular browser implementation and a significant server population with well-used services.
[SPDY](https://en.wikipedia.org/wiki/SPDY) is a protocol that was developed and spearheaded by Google. They certainly developed it in the open and invited everyone to participate but it was obvious that they benefited by being in control over both a popular browser implementation and a significant server population with well-used services.

When the HTTPbis group decided it was time to start working on http2, SPDY had already proven that it was a working concept. It had shown it was possible to deploy on the Internet and there were published numbers that proved how well it performed. The http2 work began with the SPDY/3 draft that was basically made into the http2 draft-00 with a little search and replace.

4 changes: 2 additions & 2 deletions en/part6.md
Original file line number Diff line number Diff line change
Expand Up @@ -59,11 +59,11 @@ The HTTP 1.1 request sizes have actually gotten so large that they sometimes end

### 6.5.1. Compression is a tricky subject

HTTPS and SPDY compression were found to be vulnerable to the [BREACH](http://en.wikipedia.org/wiki/BREACH_%28security_exploit%29) and [CRIME](http://en.wikipedia.org/wiki/CRIME) attacks. By inserting known text into the stream and figuring out how that changes the output, an attacker can figure out what's being sent in an encrypted payload.
HTTPS and SPDY compression were found to be vulnerable to the [BREACH](https://en.wikipedia.org/wiki/BREACH_%28security_exploit%29) and [CRIME](https://en.wikipedia.org/wiki/CRIME) attacks. By inserting known text into the stream and figuring out how that changes the output, an attacker can figure out what's being sent in an encrypted payload.

Doing compression on dynamic content for a protocol - without becoming vulnerable to one of these attacks - requires some thought and careful consideration. This is what the HTTPbis team tried to do.

Enter [HPACK](http://www.rfc-editor.org/rfc/rfc7541.txt), Header Compression for HTTP/2, which – as the name suggests - is a compression format especially crafted for http2 headers, and it is being specified in a separate internet draft. The new format, together with other counter-measures (such as a bit that asks intermediaries to not compress a specific header and optional padding of frames), should make it harder to exploit compression.
Enter [HPACK](https://www.rfc-editor.org/rfc/rfc7541.txt), Header Compression for HTTP/2, which – as the name suggests - is a compression format especially crafted for http2 headers, and it is being specified in a separate internet draft. The new format, together with other counter-measures (such as a bit that asks intermediaries to not compress a specific header and optional padding of frames), should make it harder to exploit compression.

In the words of Roberto Peon (one of the creators of HPACK):

Expand Down
2 changes: 1 addition & 1 deletion en/part7.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ With the adoption of http2, there are reasons to suspect that TCP connections wi
This will affect how HTTP load balancers work and there may arise situations when a site wants to suggest that the client connect to another host. It could be for performance reasons, or if a site is being taken down for maintenance, etc.

The server will send the [Alt-Svc:
header](http://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-10) (or ALTSVC
header](https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-10) (or ALTSVC
frame with http2) telling the client about an alternative service: another
route to the same content, using another service, host, and port number.

Expand Down
8 changes: 4 additions & 4 deletions en/part8.md
Original file line number Diff line number Diff line change
Expand Up @@ -53,8 +53,8 @@ server instance).
Apache's httpd server has a http2 module [mod_http2](https://httpd.apache.org/docs/2.4/mod/mod_http2.html) since 2.4.17 which was released on October 9, 2015.

[H2O](https://h2o.examp1e.net/), [Apache Traffic
Server](http://trafficserver.apache.org/), [nghttp2](https://nghttp2.org/),
[Caddy](http://caddyserver.com/) and
Server](https://trafficserver.apache.org/), [nghttp2](https://nghttp2.org/),
[Caddy](https://caddyserver.com/) and
[LiteSpeed](https://www.litespeedtech.com/products/litespeed-web-server/overview)
have all released http2 capable servers.

Expand Down Expand Up @@ -101,7 +101,7 @@ for one source of info.

Telecom and other network operators, for example in the ATIS Open Web
Alliance, say that they [need unencrypted
traffic](http://www.atis.org/openweballiance/docs/OWAKickoffSlides051414.pdf)
traffic](https://www.atis.org/openweballiance/docs/OWAKickoffSlides051414.pdf)
to offer caching, compression and other techniques necessary to provide a fast
web experience over satellite, in airplanes and similar. http2 does not make
TLS use mandatory so we shouldn't conflate the terms.
Expand All @@ -120,7 +120,7 @@ If you really can't take a binary protocol, then you couldn't handle TLS and com

### 8.4.6. “It isn't any faster than HTTP/1.1”

This is of course subject to debate and discussions on how to measure what faster means, but already in the SPDY days many tests were performed that proved browser page loads were faster (like ["How Speedy is SPDY?"](https://www.usenix.org/system/files/conference/nsdi14/nsdi14-paper-wang_xiao_sophia.pdf) by people at University of Washington and ["Evaluating the Performance of SPDY-enabled Web Servers"](http://www.neotys.com/blog/performance-of-spdy-enabled-web-servers) by Hervé Servy) and such experiments have been repeated with http2 as well. I'm looking forward to seeing more such tests and experiments getting published. A [basic first test made by httpwatch.com](http://blog.httpwatch.com/2015/01/16/a-simple-performance-comparison-of-https-spdy-and-http2) might imply that HTTP/2 holds its promises.
This is of course subject to debate and discussions on how to measure what faster means, but already in the SPDY days many tests were performed that proved browser page loads were faster (like ["How Speedy is SPDY?"](https://www.usenix.org/system/files/conference/nsdi14/nsdi14-paper-wang_xiao_sophia.pdf) by people at University of Washington and ["Evaluating the Performance of SPDY-enabled Web Servers"](https://www.neotys.com/blog/performance-of-spdy-enabled-web-servers) by Hervé Servy) and such experiments have been repeated with http2 as well. I'm looking forward to seeing more such tests and experiments getting published. A [basic first test made by httpwatch.com](https://blog.httpwatch.com/2015/01/16/a-simple-performance-comparison-of-https-spdy-and-http2) might imply that HTTP/2 holds its promises.

### 8.4.7. “It has layering violations”

Expand Down
2 changes: 1 addition & 1 deletion es/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ http2 explicado
Este es un documento detallado que describe HTTP/2 ([RFC
7540](https://httpwg.github.io/specs/rfc7540.html)), sus antecedentes, conceptos, el protocolo y algo sobre las implementaciones existentes y lo que nos puede deparar el futuro.

El sitio http://daniel.haxx.se/http2/ es el home canónico de este proyecto.
El sitio https://daniel.haxx.se/http2/ es el home canónico de este proyecto.

En https://github.com/bagder/http2-explained se encuentra el código fuente de todo el contenido del libro.

Expand Down
10 changes: 5 additions & 5 deletions es/part1.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

Este es un documento que describe http2 desde un nivel técnico y de protocolo. Comenzó como una presentación, que hice en Estocolmo en abril de 2014, para más tarde extender y convertirse en un documento completo con todo detalle y explicaciones concisas.

RFC 7540 es el nombre oficial de la especificación final de http2 que ha sido publicada el 15 de Mayo de 2015: http://www.rfc-editor.org/rfc/rfc7540.txt
RFC 7540 es el nombre oficial de la especificación final de http2 que ha sido publicada el 15 de Mayo de 2015: https://www.rfc-editor.org/rfc/rfc7540.txt

Todos los errores encontrados en este documento son míos propios (y del traducción), resultado de mis propios defectos. Por favor, reportarlos y haré las actualizaciones con sus correcciones.

Expand All @@ -18,22 +18,22 @@ Mi nombre es Daniel Stenberg y trabajo en Mozilla. Llevo trabajando con open sou

Twitter: [@bagder](https://twitter.com/bagder)

Web: [daniel.haxx.se](http://daniel.haxx.se/)
Web: [daniel.haxx.se](https://daniel.haxx.se/)

Blog: [daniel.haxx.se/blog](http://daniel.haxx.se/blog/)
Blog: [daniel.haxx.se/blog](https://daniel.haxx.se/blog/)

## 1.2 ¡Ayuda!

Si encuentras errores, omisiones o mentiras descaradas en este documento, por favor envíame un versión actualizada del párrafo afectado y haré versiones modificadas. ¡Se mencionará en los créditos a todo aquel que eche una mano!. Espero ir mejorando este documento a lo largo del tiempo.

El documento está disponible en [http://daniel.haxx.se/http2](http://daniel.haxx.se/http2)
El documento está disponible en [https://daniel.haxx.se/http2](https://daniel.haxx.se/http2)


## 1.3 Licencia

<img style="float: right;" src="https://raw.githubusercontent.com/bagder/http2-explained/master/images/creative-commons.png" />

Este documento está licenciado bajo Creative Commons Attribution 4.0 license: http://creativecommons.org/licenses/by/4.0/
Este documento está licenciado bajo Creative Commons Attribution 4.0 license: https://creativecommons.org/licenses/by/4.0/

## 1.4 Historial del documento

Expand Down
Loading

0 comments on commit b9f99ed

Please sign in to comment.