DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
Loading...
Searching...
No Matches
Standards & specifications

Every standard this library implements or relies on, with a link to the authoritative text. This is the conformance map: when changing a subsystem, read its standard first (the full spec text is also kept locally while work is in progress). RFC links go to the RFC Editor; others to the issuing body.

‍The per-standard conformance audit - the MUST/SHOULD verdict and the evidence backing each entry below - lives in AUDIT.md.

Status legend: impl = implemented in the library - via mbedTLS = provided by the platform crypto/TLS stack the library binds to - roadmap = planned (see ROADMAP.md) - ref = referenced for correctness but obsoleted by a newer entry here.

HTTP core

  • RFC 9110 - HTTP Semantics - impl (methods, status, headers, conditional requests, ranges).
  • RFC 9112 - HTTP/1.1 Messaging - impl (request/response framing, Content-Length, Transfer-Encoding rejection).
  • RFC 9111 - HTTP Caching - impl (ETag / Last-Modified / conditional GET; the structured Cache-Control builder/parser + freshness-lifetime precedence in services/httpcache).
  • RFC 8246 - HTTP Immutable Responses - impl (the immutable Cache-Control directive).
  • RFC 5861 - HTTP Cache-Control Extensions for Stale Content - impl (stale-while-revalidate / stale-if-error).
  • RFC 3986 - URI Generic Syntax - impl (path / query parsing, percent-decoding).
  • RFC 5234 - ABNF - ref (grammar notation used by the HTTP specs).
  • RFC 1123 - Host Requirements - impl (the IMF-fixdate / HTTP-date format for Last-Modified / If-Modified-Since).
  • RFC 7230 / 7231 / 7233 - HTTP/1.1 (messaging / semantics / range) - ref (obsoleted by 9110 / 9112; cited where the code predates the renumbering).
  • RFC 6265 - HTTP State Management (Cookies) - impl (cookie get/set).
  • RFC 7239 - Forwarded HTTP Extension - impl (client ip/scheme parsing).

HTTP/2 & HTTP/3

  • RFC 9113 - HTTP/2 - impl (framing, stream multiplexing, h2 ALPN; PSRAM-gated).
  • RFC 7541 - HPACK (HTTP/2 header compression) - impl (static + dynamic table, canonical Huffman).
  • RFC 9204 - QPACK (HTTP/3 header compression) - impl (static-table field-section codec).
  • RFC 9000 - QUIC transport - impl (varint / packet / frame codecs, the transport-parameters codec sec 18, and the stateful v1 server connection engine: per-level AEAD, CRYPTO / STREAM reassembly, ACKs, coalescing; loss recovery + congestion control are roadmap).
  • RFC 9001 - Using TLS to Secure QUIC - impl (Initial / Handshake / 1-RTT packet protection, header protection, Retry integrity tag, and the hand-rolled TLS 1.3 handshake carried in CRYPTO frames).
  • RFC 8446 - TLS 1.3 - impl for QUIC (a from-scratch server handshake for HTTP/3: TLS_AES_128_GCM_SHA256 + X25519 + Ed25519, the sec 7.1 key schedule + sec 4 messages, pinned to the RFC 8448 traces; mbedTLS has no QUIC-TLS API). TLS over TCP remains via mbedTLS.
  • RFC 9147 - DTLS 1.3 - impl (record layer + server handshake) (DETWS_ENABLE_DTLS: the sec 4 DTLSPlaintext + DTLSCiphertext record layer - unified header, AEAD_AES_128_GCM, sec 4.2.3 sequence-number encryption + sec 4.2.2 reconstruction, sec 4.5.1 anti-replay; the sec 5 + 7 handshake framing / reliability - the 12-byte handshake header, overlap-tolerant reassembly, the ACK message, and the stateless HelloRetryRequest cookie; and the sec 5-6 server handshake state machine - the one-round-trip full handshake, TLS_AES_128_GCM_SHA256 / X25519 / Ed25519, epoch 0→2→3 transitions - reusing the TLS 1.3 messages + key schedule, with the sec 5.9 dtls13 HKDF label prefix. Interoperates with the wolfSSL DTLS 1.3 client - full handshake + application-data round trip, both offering X25519 directly and through a sec 5.1 HelloRetryRequest group renegotiation with an address-bound cookie (test/servers/dtls_wolfssl); lost flights are recovered by a sec 5.8 retransmission timer with exponential backoff, cancelled by inbound ACKs. A CoAP-over-DTLS front-end is roadmap.
  • RFC 8448 - Example TLS 1.3 Handshake Traces - test vectors (the QUIC TLS 1.3 key schedule + ServerHello / Certificate / Finished bytes are pinned to sec 3).
  • RFC 9114 - HTTP/3 - impl (application engine over QUIC streams: control + QPACK streams, SETTINGS, request stream -> response; end-to-end host-tested and hardware-validated).

HTTP authentication & authorization

  • RFC 7617 - HTTP Basic auth - impl.
  • RFC 7616 - HTTP Digest auth (SHA-256, qop=auth) - impl.
  • RFC 7519 - JSON Web Token (JWT) - impl (HS256 verify + claims).
  • RFC 7515 - JSON Web Signature (JWS) - impl (JWT/OIDC signature structure).
  • RFC 7518 - JSON Web Algorithms (JWA) - impl (HS256 / RS256).
  • RFC 6749 - OAuth 2.0 - impl (token-endpoint client).
  • RFC 7636 - PKCE - impl (OAuth2 code-exchange hardening).
  • OpenID Connect Core 1.0 - impl (OIDC ID-token RS256 verification).

Content types & serialization

WebSocket

  • RFC 6455 - The WebSocket Protocol - impl.
  • RFC 7692 - permessage-deflate extension - impl.

IoT / industrial messaging

Network management (SNMP)

  • RFC 1157 - SNMPv1 - impl.
  • RFC 3411 - SNMP architecture - impl (v3).
  • RFC 3412 - SNMP message processing - impl (v3).
  • RFC 3414 - User-based Security Model (USM) - impl (v3 authPriv).
  • RFC 3416 - SNMPv2 PDU operations - impl (v2c / v3).
  • RFC 3826 - AES Cipher in the USM - impl (v3 priv).
  • RFC 7860 - HMAC-SHA-2 auth in the USM - impl (v3 auth).
  • RFC 2578 - SMIv2 - ref (MIB / OID structure).
  • ITU-T X.690 - ASN.1 BER/DER - impl (the SNMP / OIDC BER codec).

SSH & Telnet

  • RFC 4251 - SSH architecture - impl.
  • RFC 4252 - SSH authentication - impl.
  • RFC 4253 - SSH transport layer - impl.
  • RFC 4254 - SSH connection protocol - impl.
  • RFC 4250 - SSH assigned numbers - impl.
  • RFC 4344 - SSH transport encryption modes (CTR) - impl.
  • RFC 5647 - AES-GCM for SSH (aes25.nosp@m.6-gc.nosp@m.m@ope.nosp@m.nssh.nosp@m..com) - impl.
  • RFC 6668 - SHA-2 data-integrity (HMAC) for SSH - impl.
  • RFC 8268 - More MODP DH groups for SSH - impl.
  • RFC 8332 - RSA SHA-2 (rsa-sha2-256/512) for SSH - impl.
  • RFC 5656 - ECC algorithms for SSH (ecdsa-sha2-nistp256 host key + ecdh-sha2-nistp256 KEX) - impl.
  • RFC 6979 - Deterministic ECDSA (native ECDSA nonce; KAT source) - impl.
  • RFC 5903 - ECP groups for IKE/IKEv2 (P-256 ECDH shared-secret KAT source) - impl.
  • RFC 3526 - MODP Diffie-Hellman groups - impl (SSH KEX).
  • RFC 8731 - curve25519-sha256 key exchange for SSH - impl.
  • RFC 8709 - Ed25519/Ed448 public keys for SSH (ssh-ed25519) - impl.
  • RFC 8308 - SSH extension negotiation (ext-info-c, server-sig-algs) - impl.
  • RFC 854 - Telnet Protocol - impl.

Cryptographic primitives

  • FIPS 180-4 - Secure Hash Standard (SHA-2) - impl.
  • RFC 3174 - SHA-1 - impl (WebSocket handshake only).
  • RFC 1320 - MD4 - impl (SMB/NTLM only: the NT hash; legacy, KAT-verified).
  • RFC 1321 - MD5 - impl (SMB/NTLM only: HMAC-MD5 base; legacy, KAT-verified).
  • FIPS 197 - AES - impl (SNMP priv; QUIC AES-128 block + header protection) / via mbedTLS (TLS; QUIC AES block on ESP32).
  • NIST SP 800-38D - GCM (Galois/Counter Mode) - impl (QUIC packet protection AEAD_AES_128_GCM; software GHASH).
  • FIPS 198-1 / RFC 2104 - HMAC - impl.
  • RFC 5869 - HKDF - impl (TLS 1.3 HKDF-Expand-Label; QUIC Initial key schedule).
  • RFC 8017 - PKCS#1 (RSA) - impl (RS256 verify) / via mbedTLS.
  • RFC 7748 - Elliptic curves for security (X25519) - impl (SSH KEX; field inversion on the ESP32 MPI accelerator).
  • RFC 8032 - EdDSA (Ed25519) - impl (SSH host key + client auth).
  • RFC 5754 - SHA-2 algorithm identifiers - ref (RS256 DigestInfo).
  • RFC 6238 - TOTP - impl.
  • RFC 4226 - HOTP - impl (TOTP base).
  • RFC 4122 - UUID - impl (device-id).

Files, logging, naming, transport

  • RFC 4918 - WebDAV - impl.
  • RFC 959 - File Transfer Protocol (FTP) - impl (client codec: command builders, single/multi-line reply parser, PASV address).
  • RFC 2428 - FTP Extensions for IPv6 and NATs (EPSV / EPRT) - impl (client codec: EPRT builder, EPSV port parser).
  • MS-SMB2 - SMB2 (Server Message Block 2) - impl (full read/write-a-file client wire codec: the sync header, NEGOTIATE, SESSION_SETUP with the SPNEGO tokens §2.2.5/§2.2.6, and TREE_CONNECT / CREATE / CLOSE / READ / WRITE §2.2.9-§2.2.22).
  • MS-NLMP - NTLM Authentication - impl (the NTLMv2 response: NThash / NTOWFv2 / NTProofStr / SessionBaseKey, §3.3.2, verified vs the §4.2 worked example; plus the NTLMSSP message codec, §2.2.1: NEGOTIATE / CHALLENGE / AUTHENTICATE).
  • RFC 4178 - SPNEGO (GSS-API negotiation) - impl (SMB/NTLM only: the DER InitialContextToken / NegTokenResp wrapping of the NTLMSSP tokens; verified byte-exact + independently vs openssl asn1parse).
  • RFC 5424 - Syslog Protocol - impl.
  • RFC 1035 - Domain Names (DNS) - impl (resolver + captive-portal responder).
  • IEEE 802.11 - Wireless LAN MAC/PHY - impl (Wi-Fi link; raw-L2 frame TX path).

TLS

  • RFC 8446 - TLS 1.3 - via mbedTLS (server + client); explicit version control is roadmap.
  • RFC 5246 - TLS 1.2 - via mbedTLS; explicit support is roadmap.
  • RFC 5077 - TLS session resumption (tickets) - impl (stateless ticket key-rotation and resumption context).