Cloudfront: HTTP/2 compliance issue

Question

I've resorted to stackoverflow becase AWS doesn't provide technical support for free tiers.

Someone reported an issue using httpx, the ruby HTTP client library I maintain: https://gitlab.com/honeyryderchuck/httpx/issues/64

The report came after a recent upgrade to improve HTTP/2 spec compliance in the parser. Although the library now passes the h2spec, there seem to be legitimate issues requesting from cloudfront, due to an apparent part of the spec they don't seem to comply with: when a flow control window over 2 ** 31 - 1 is advertised, the sender must not allow it and return a flow control error.

Is it correct?

Answer 1

You are correct that the flow control window cannot exceed 2^31-1, as indicated in the specification.

The initial flow control window is 65535, not 65536 as sent from Cloudfront, so the subsequent enlargement of the flow control window by 2147418112 yields 2^31 which is off-by-one too big for the flow control window.

Your client correctly sends a GO_AWAY with error FLOW_CONTROL_ERROR.

Answer 2

sbordet answer is not fully correct.

He is right that flow-control window can't exceed 2^31-1 bytes and that the initial flow-control window size is 65535 bytes. However the part that CloudFront sends wrong value of 65536 is incorrect, as any endpoint is allowed to modify the default initial window size as stated in RFC7540 Sec 6.9.2:

Both endpoints can adjust the initial window size for new streams by including a value for SETTINGS_INITIAL_WINDOW_SIZE in the SETTINGS frame that forms part of the connection preface.

Note that this setting is applied only to new streams and not connection flow-control window size. The connection flow-control window size can be updated only through WINDOW_UPDATE frame, as mentioned in next line of RFC:

The connection flow-control window can only be changed using WINDOW_UPDATE frames.

So after CloudFront updated SETTINGS_INITIAL_WINDOW_SIZE to 65536 bytes, the connection flow-control window is still at 65535 bytes, so the next WINDOW_UPDATE of 2147418112 bytes, increases it to 2^31-1 bytes (which is a valid value according to RFC), not 2^31 bytes.