diff --git a/doc/sources/nghttpx-howto.rst b/doc/sources/nghttpx-howto.rst index 90ab1b89..cfd9311e 100644 --- a/doc/sources/nghttpx-howto.rst +++ b/doc/sources/nghttpx-howto.rst @@ -539,6 +539,24 @@ encrypt Connection ID must be set with :option:`--frontend-quic-secret-file` and must provide the existing keys in order to keep the existing connections alive during reload. +The construction of Connection ID closely follows Block Cipher CID +Algorithm described in `QUIC-LB draft +`_. +A Connection ID that nghttpx generates is always 20 bytes long. It +uses first 2 bits as a configuration ID. The remaining bits in the +first byte are reserved and random. The next 2 bytes are server ID. +The next 6 bytes are used to route UDP datagram to a correct +``SO_REUSEPORT`` socket. The remaining bytes are randomly generated. +The server ID and the next 14 bytes are encrypted with AES-ECB. The +key is derived from the keying materials stored in a file specified by +:option:`--frontend-quic-secret-file`. The first 2 bits of keying +material in the file is used as a configuration ID. The remaining +bits and following 3 bytes are reserved and unused. The next 32 bytes +are used as an initial secret. The remaining 32 bytes are used as a +salt. The encryption key is generated by `HKDF +`_ with SHA256 and +these keying materials and ``connection id encryption key`` as info. + In order announce that HTTP/3 endpoint is available, you should specify alt-svc header field. For example, the following options send alt-svc header field in HTTP/1.1 and HTTP/2 response:
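Review bot: the two external references in this hunk, `QUIC-LB draft`_ and `HKDF`_, appear without a link target (no `<url>` part before the closing backtick), so Sphinx will emit an unknown-target warning and render dead links; please check that the targets made it into the commit. Two grammar points in the added lines: "It uses first 2 bits as a configuration ID" should read "It uses the first 2 bits as a configuration ID", and "The first 2 bits of keying material in the file is used" should be "are used". Since the paragraph walks through the file layout in pieces (1 byte of configuration ID plus reserved bits, 3 reserved bytes, 32 bytes of initial secret, 32 bytes of salt), consider also stating the total expected length of the :option:`--frontend-quic-secret-file` contents so operators can generate and verify the file, and noting that the file must be kept private, since the Connection ID encryption key is derived from it. Finally, the unchanged context line "In order announce that HTTP/3 endpoint is available" is missing "to"; worth fixing while this section is being touched.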