Passa al contenuto principale

1. Overview

Questa sezione conserva il testo RFC per optimistic HTTP/1.1 protocol transitions, inclusi request smuggling risks, parser exploit risks, existing Upgrade tokens, HTTP CONNECT requirements e IANA status.

1.  Overview

This document discusses certain security considerations that arise
when switching from HTTP/1.1 to a different protocol on the same
connection. It provides:

* a review of the relevant standards,

* a discussion of the security risks that may apply if a client
sends data before the transition is confirmed,

* a security evaluation of existing upgrade tokens, and

* guidance for implementations and future standards documents.

Updates to [HTTP/1.1] and [CONNECT-UDP], including new normative
requirements, are provided in Sections 8 and 6.3, respectively.