On the server side, it's important to be able to clear out connections that have been idle for too long or are somehow broken. For HTTP/1, this can be done pretty simply by setting stream-level read and write timeouts. However, things aren't so simple for HTTP/2 since it's multiplexed. In particular, the server is always attempting to read from an HTTP/2 socket, so if a single request is active that takes more than the read timeout to process, the connection gets killed.
To handle this properly, I think we'll need hyper-level timeout configuration. In particular, I care about being able to shut down connections that have been idle for some period of time, and detect when reading from a client or writing to it is taking too long.
There are also some potential higher level timeouts to defend against e.g. slow loris attacks by placing a cap on the time a client is allowed to send the complete set of headers.
On the server side, it's important to be able to clear out connections that have been idle for too long or are somehow broken. For HTTP/1, this can be done pretty simply by setting stream-level read and write timeouts. However, things aren't so simple for HTTP/2 since it's multiplexed. In particular, the server is always attempting to read from an HTTP/2 socket, so if a single request is active that takes more than the read timeout to process, the connection gets killed.
To handle this properly, I think we'll need hyper-level timeout configuration. In particular, I care about being able to shut down connections that have been idle for some period of time, and detect when reading from a client or writing to it is taking too long.
There are also some potential higher level timeouts to defend against e.g. slow loris attacks by placing a cap on the time a client is allowed to send the complete set of headers.