Monday, April 28, 2025

Java HTTP3 / QUIC implementation: theory

History of HTTP Since HTTP/1.0, the HTTP protocol was a means for request - response communication. The client sends a request to the server...
Wednesday, August 28, 2024

Java Http3/QUIC implementation security, part 5: HTTP/3

...continued from part 4 RFC 9204 QPACK: Field Compression for HTTP/3 7.1 Probing Dynamic Table Size HttpClient only uses the dynamic table ...

Java Http3/QUIC implementation security, part 4: HTTP/3

 ...continued from part 3 RFC 9114 HTTP/3 10.1 Server Authority HTTP/3 uses QUIC and TLS to verify the server authority. We always set endpo...
Monday, August 26, 2024

Java Http3/QUIC implementation security, part 3: QUIC

 ...continued from part 2 RFC 8999, 9368, 9369 The security considerations sections of these documents focus on downgrade prevention. No add...

Java Http3/QUIC implementation security, part 2: QUIC

...continued from part 1 21.5 Request Forgery Attacks This paragraph focuses on the risk posed by reflected datagrams. The concerns are some...
Tuesday, August 20, 2024

Java Http3/QUIC implementation security, part 1: QUIC

Support HTTP/3 in the HttpClient As part of the JEP, we implement: RFC 9114 : HTTP/3 RFC 9204 : QPACK: Field Compression for HTTP/3 RFC 8999...
Monday, December 20, 2021

Running cross-translation-unit static analysis on OpenJDK

Scan-build discusses in an earlier post is pretty effective at detecting issues within a single C file. Additional insights can be gained b...