Define thresholds on the number of HTTP/2 Settings parameters exchanged over a connection

Dotyczy: Windows 10Windows 10, version 1607Windows 10, version 1703

Summary


HTTP/2 Settings frames are used by endpoints to exchange defined settings parameters with each other. The HTTP/2 protocol doesn’t define any practical limit on the number of settings parameters included in a single settings frame (max allowed is 2796202) and there is no limit on the number of times such settings frames are exchanged.

A malicious client using HTTP/2 can exploit this fact to make an HTTP/2 server system temporarily unstable, by increasing the CPU usage to 100% before the connections are terminated by the Internet Information Services (IIS).

Resolution


To address this issue, Microsoft has provided an ability to define limits on the number of HTTP/2 settings parameters allowed over a connection. These limits are not preset by Microsoft and must be defined by system administrator after reviewing the HTTP/2 protocol and their environment requirements.

Below are the two registry entries added to set the limits:

 

Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters

Name: Http2MaxSettingsPerFrame

Type: DWORD

Data: Supported min value 7 and max 2796202. Out of range values trimmed to corresponding min/max end value.

 

Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters

Name: Http2MaxSettingsPerMinute

Type: DWORD

Data: Supported min value 7. Smaller value trimmed to the min value.

 

Note: A machine reboot, or service restart is required to read the configured registry values, when they are added first time or changed.

With the limits set,

  • If a single Setting frame contains more settings parameters than "Http2MaxSettingsPerFrame" value, then that connection is immediately killed.
  • If the number of settings parameters contained in multiple Settings frames received within a minute crosses "Http2MaxSettingsPerMinute" value, then connection is killed.

When appropriately set, above two limits together help to terminate the malicious connection violating those limits and form a threshold for legitimate connections