Update doc
parent 19b4da6401
commit 17d5503bf2
|
@ -539,6 +539,24 @@ encrypt Connection ID must be set with
|
||||||
:option:`--frontend-quic-secret-file` and must provide the existing
|
:option:`--frontend-quic-secret-file` and must provide the existing
|
||||||
keys in order to keep the existing connections alive during reload.
|
keys in order to keep the existing connections alive during reload.
|
||||||
|
|
||||||
|
The construction of Connection ID closely follows Block Cipher CID
|
||||||
|
Algorithm described in `QUIC-LB draft
|
||||||
|
<https://datatracker.ietf.org/doc/html/draft-ietf-quic-load-balancers>`_.
|
||||||
|
A Connection ID that nghttpx generates is always 20 bytes long. It
|
||||||
|
uses first 2 bits as a configuration ID. The remaining bits in the
|
||||||
|
first byte are reserved and random. The next 2 bytes are server ID.
|
||||||
|
The next 6 bytes are used to route UDP datagram to a correct
|
||||||
|
``SO_REUSEPORT`` socket. The remaining bytes are randomly generated.
|
||||||
|
The server ID and the next 14 bytes are encrypted with AES-ECB. The
|
||||||
|
key is derived from the keying materials stored in a file specified by
|
||||||
|
:option:`--frontend-quic-secret-file`. The first 2 bits of keying
|
||||||
|
material in the file is used as a configuration ID. The remaining
|
||||||
|
bits and following 3 bytes are reserved and unused. The next 32 bytes
|
||||||
|
are used as an initial secret. The remaining 32 bytes are used as a
|
||||||
|
salt. The encryption key is generated by `HKDF
|
||||||
|
<https://datatracker.ietf.org/doc/html/rfc5869>`_ with SHA256 and
|
||||||
|
these keying materials and ``connection id encryption key`` as info.
|
||||||
|
|
||||||
In order announce that HTTP/3 endpoint is available, you should
|
In order announce that HTTP/3 endpoint is available, you should
|
||||||
specify alt-svc header field. For example, the following options send
|
specify alt-svc header field. For example, the following options send
|
||||||
alt-svc header field in HTTP/1.1 and HTTP/2 response:
|
alt-svc header field in HTTP/1.1 and HTTP/2 response:
|
||||||
|
|
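Review bot: the added sentence "The server ID and the next 14 bytes are encrypted with AES-ECB" should state the resulting layout explicitly. By the sizes given, the encrypted span is one 16-byte AES block covering bytes 1 to 16 of the 20-byte Connection ID, so the 6 routing bytes are inside the ciphertext and the last 3 random bytes are outside it, along with the first byte. A reader currently has to derive that from the arithmetic. The key derivation text has a similar gap: it names HKDF with SHA256 and the info string ``connection id encryption key``, but not the output length (and therefore the AES key size), and it only implies that the 32-byte initial secret is the input keying material and the 32-byte salt is the HKDF salt. It would also help to state the total size of one key entry (4 + 32 + 32 bytes as described). Finally, "The first 2 bits of keying material in the file is used" should read "are used".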