Add the beginning of the rfc7540 test suite

Currently only testing handshake.

Tests that pass currently involve no request/response.
ALPN and prior knowledge support have some edge cases left to fix.
HTTP/1.1 Upgrade has not been implemented yet.

src/cowboy_http.erl

@@ -302,7 +302,7 @@ parse_request(<< $\s, _/bits >>, State, _) ->
 		''}); %% @todo
 %% We limit the length of the Request-line to MaxLength to avoid endlessly
 %% reading from the socket and eventually crashing.
-parse_request(Buffer, State=#state{opts=Opts}, EmptyLines) ->
+parse_request(Buffer, State=#state{opts=Opts, in_streamid=InStreamID}, EmptyLines) ->
 	MaxLength = maps:get(max_request_line_length, Opts, 8000),
 	MaxEmptyLines = maps:get(max_empty_lines, Opts, 5),
 	case match_eol(Buffer, 0) of
@@ -324,6 +324,10 @@ parse_request(Buffer, State=#state{opts=Opts}, EmptyLines) ->
 					parse_version(Rest, State, <<"OPTIONS">>, <<"*">>, <<>>);
 %				<< "CONNECT ", Rest/bits >> ->
 %					parse_authority( %% @todo
+				%% Accept direct HTTP/2 only at the beginning of the connection.
+				<< "PRI * HTTP/2.0\r\n", _/bits >> when InStreamID =:= 1 ->
+					%% @todo Might be worth throwing to get a clean stacktrace.
+					http2_upgrade(State, Buffer, undefined);
 				_ ->
 					parse_method(Buffer, State, <<>>,
 						maps:get(max_method_length, Opts, 32))
@@ -636,6 +640,19 @@ request(Buffer, State0=#state{ref=Ref, transport=Transport, in_streamid=StreamID
 	end,
 	{request, Req, State, Buffer}.
 
+%% HTTP/2 upgrade.
+
+http2_upgrade(State=#state{parent=Parent, ref=Ref, socket=Socket, transport=Transport,
+		opts=Opts, handler=Handler}, Buffer, Settings) ->
+	case Transport:secure() of
+		false ->
+			_ = cancel_request_timeout(State),
+			cowboy_http2:init(Parent, Ref, Socket, Transport, Opts, Handler, Buffer, Settings);
+		true ->
+			error_terminate(400, State, {connection_error, protocol_error,
+				'Clients that support HTTP/2 over TLS MUST use ALPN. (RFC7540 3.4)'})
+	end.
+
 %% Request body parsing.
 
 parse_body(Buffer, State=#state{in_streamid=StreamID, in_state=

src/cowboy_http2.erl

@@ -15,6 +15,7 @@
 -module(cowboy_http2).
 
 -export([init/6]).
+-export([init/8]).
 
 -export([system_continue/3]).
 -export([system_terminate/4]).
@@ -79,8 +80,22 @@
 
 -spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts(), module()) -> ok.
 init(Parent, Ref, Socket, Transport, Opts, Handler) ->
-	before_loop(#state{parent=Parent, ref=Ref, socket=Socket,
+	init(Parent, Ref, Socket, Transport, Opts, Handler, <<>>, undefined).
-		transport=Transport, opts=Opts, handler=Handler}, <<>>).
+
+-spec init(pid(), ranch:ref(), inet:socket(), module(), cowboy:opts(), module(),
+	binary(), binary() | undefined) -> ok.
+init(Parent, Ref, Socket, Transport, Opts, Handler, Buffer, SettingsPayload) ->
+	State = #state{parent=Parent, ref=Ref, socket=Socket,
+		transport=Transport, opts=Opts, handler=Handler},
+	preface(State),
+	case Buffer of
+		<<>> -> before_loop(State, Buffer);
+		_ -> parse(State, Buffer)
+	end.
+
+preface(#state{socket=Socket, transport=Transport, next_settings=Settings}) ->
+	%% We send next_settings and use defaults until we get a ack.
+	ok = Transport:send(Socket, cow_http2:settings(Settings)).
 
 %% @todo Add the timeout for last time since we heard of connection.
 before_loop(State, Buffer) ->
@@ -130,19 +145,26 @@ loop(State=#state{parent=Parent, socket=Socket, transport=Transport, children=Ch
 		terminate(State, {internal_error, timeout, 'No message or data received before timeout.'})
 	end.
 
-parse(State=#state{socket=Socket, transport=Transport, next_settings=Settings, parse_state=preface}, Data) ->
+parse(State=#state{socket=Socket, transport=Transport, parse_state=preface}, Data) ->
 	case Data of
 		<< "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", Rest/bits >> ->
-			%% @todo To speed up connection we may be able to construct the frame when starting the listener.
-			%% We send next_settings and use defaults until we get a ack.
-			Transport:send(Socket, cow_http2:settings(Settings)),
 			parse(State#state{parse_state=settings}, Rest);
 		_ when byte_size(Data) >= 24 ->
 			Transport:close(Socket),
 			exit({shutdown, {connection_error, protocol_error,
 				'The connection preface was invalid. (RFC7540 3.5)'}});
 		_ ->
-			before_loop(State, Data)
+			Len = byte_size(Data),
+			<< Preface:Len/binary, _/bits >> = <<"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n">>,
+			case Data of
+				Preface ->
+					%% @todo OK we should have a timeout when waiting for the preface.
+					before_loop(State, Data);
+				_ ->
+					Transport:close(Socket),
+					exit({shutdown, {connection_error, protocol_error,
+						'The connection preface was invalid. (RFC7540 3.5)'}})
+			end
 	end;
 %% @todo Perhaps instead of just more we can have {more, Len} to avoid all the checks.
 parse(State=#state{parse_state=ParseState}, Data) ->
@@ -209,9 +231,10 @@ frame(State, {priority, _StreamID, _IsExclusive, _DepStreamID, _Weight}) ->
 frame(State, {rst_stream, StreamID, Reason}) ->
 	stream_reset(State, StreamID, {stream_error, Reason, 'Stream reset requested by client.'});
 %% SETTINGS frame.
-frame(State, {settings, Settings}) ->
+frame(State=#state{socket=Socket, transport=Transport}, {settings, Settings}) ->
 	%% @todo Apply SETTINGS.
 	io:format("settings ~p~n", [Settings]),
+	Transport:send(Socket, cow_http2:settings_ack()),
 	State;
 %% Ack for a previously sent SETTINGS frame.
 frame(State=#state{next_settings=_NextSettings}, settings_ack) ->

src/cowboy_req.erl

@@ -1187,20 +1187,4 @@ connection_to_atom_test_() ->
 	],
 	[{lists:flatten(io_lib:format("~p", [T])),
 		fun() -> R = connection_to_atom(T) end} || {T, R} <- Tests].
-
-merge_headers_test_() ->
-	Tests = [
-		{[{<<"content-length">>,<<"13">>},{<<"server">>,<<"Cowboy">>}],
-		 [{<<"set-cookie">>,<<"foo=bar">>},{<<"content-length">>,<<"11">>}],
-		 [{<<"set-cookie">>,<<"foo=bar">>},
-		  {<<"content-length">>,<<"13">>},
-		  {<<"server">>,<<"Cowboy">>}]},
-		{[{<<"content-length">>,<<"13">>},{<<"server">>,<<"Cowboy">>}],
-		 [{<<"set-cookie">>,<<"foo=bar">>},{<<"set-cookie">>,<<"bar=baz">>}],
-		 [{<<"set-cookie">>,<<"bar=baz">>},
-		  {<<"set-cookie">>,<<"foo=bar">>},
-		  {<<"content-length">>,<<"13">>},
-		  {<<"server">>,<<"Cowboy">>}]}
-	],
-	[fun() -> Res = merge_headers(L,R) end || {L, R, Res} <- Tests].
 -endif.

test/cowboy_test.erl

@@ -30,6 +30,12 @@ init_https(Ref, ProtoOpts, Config) ->
 	Port = ranch:get_port(Ref),
 	[{type, ssl}, {protocol, http}, {port, Port}, {opts, Opts}|Config].
 
+init_http2(Ref, ProtoOpts, Config) ->
+	Opts = ct_helper:get_certs_from_ets(),
+	{ok, _} = cowboy:start_tls(Ref, 100, Opts ++ [{port, 0}], ProtoOpts),
+	Port = ranch:get_port(Ref),
+	[{type, ssl}, {protocol, http2}, {port, Port}, {opts, Opts}|Config].
+
 %% Common group of listeners used by most suites.
 
 common_all() ->

test/rfc7540_SUITE.erl

@@ -0,0 +1,685 @@
+%% Copyright (c) 2016, Loïc Hoguin <essen@ninenines.eu>
+%%
+%% Permission to use, copy, modify, and/or distribute this software for any
+%% purpose with or without fee is hereby granted, provided that the above
+%% copyright notice and this permission notice appear in all copies.
+%%
+%% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+%% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+%% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+%% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+%% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+%% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+%% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+-module(rfc7540_SUITE).
+-compile(export_all).
+
+-import(ct_helper, [config/2]).
+-import(ct_helper, [doc/1]).
+-import(cowboy_test, [raw_open/1]).
+-import(cowboy_test, [raw_send/2]).
+-import(cowboy_test, [raw_recv_head/1]).
+-import(cowboy_test, [raw_recv/3]).
+
+all() -> [{group, clear}, {group, tls}].
+
+groups() ->
+	Modules = ct_helper:all(?MODULE),
+	Clear = [M || M <- Modules, lists:sublist(atom_to_list(M), 4) =/= "alpn"] -- [prior_knowledge_reject_tls],
+	TLS = [M || M <- Modules, lists:sublist(atom_to_list(M), 4) =:= "alpn"] ++ [prior_knowledge_reject_tls],
+	[{clear, [parallel], Clear}, {tls, [parallel], TLS}].
+
+init_per_group(Name = clear, Config) ->
+	cowboy_test:init_http(Name = clear, #{
+		env => #{dispatch => cowboy_router:compile(init_routes(Config))}
+	}, Config);
+init_per_group(Name = tls, Config) ->
+	cowboy_test:init_http2(Name = tls, #{
+		env => #{dispatch => cowboy_router:compile(init_routes(Config))}
+	}, Config).
+
+end_per_group(Name, _) ->
+	ok = cowboy:stop_listener(Name).
+
+init_routes(_) -> [
+	{"localhost", [
+		{"/", hello_h, []}
+	]}
+].
+
+%% Starting HTTP/2 for "http" URIs.
+
+http_upgrade_ignore_h2(Config) ->
+	doc("An h2 token in an Upgrade field must be ignored. (RFC7540 3.2)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 200">>} = gen_tcp:recv(Socket, 12, 1000),
+	ok.
+
+http_upgrade_ignore_if_http_10(Config) ->
+	doc("The Upgrade header must be ignored if part of an HTTP/1.0 request. (RFC7230 6.7)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.0\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 200">>} = gen_tcp:recv(Socket, 12, 1000),
+	ok.
+
+http_upgrade_ignore_missing_upgrade_in_connection(Config) ->
+	doc("The Upgrade header must be listed in the "
+		"Connection header field. (RFC7230 6.7)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 200">>} = gen_tcp:recv(Socket, 12, 1000),
+	ok.
+
+http_upgrade_reject_missing_http2_settings_in_connection(Config) ->
+	doc("The HTTP2-Settings header must be listed in the "
+		"Connection header field. (RFC7540 3.2.1, RFC7230 6.7)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 400">>} = gen_tcp:recv(Socket, 12, 1000),
+	ok.
+
+http_upgrade_reject_zero_http2_settings_header(Config) ->
+	doc("The HTTP Upgrade request must include "
+		"exactly one HTTP2-Settings header field (RFC7540 3.2, RFC7540 3.2.1)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 400">>} = gen_tcp:recv(Socket, 12, 1000),
+	ok.
+
+http_upgrade_reject_two_http2_settings_header(Config) ->
+	doc("The HTTP Upgrade request must include "
+		"exactly one HTTP2-Settings header field (RFC7540 3.2, RFC7540 3.2.1)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 400">>} = gen_tcp:recv(Socket, 12, 1000),
+	ok.
+
+http_upgrade_reject_bad_http2_settings_header(Config) ->
+	doc("The HTTP Upgrade request must include "
+		"a valid HTTP2-Settings header field (RFC7540 3.2, RFC7540 3.2.1)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		%% We send a full SETTINGS frame on purpose.
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 400">>} = gen_tcp:recv(Socket, 12, 1000),
+	ok.
+
+http_upgrade_101(Config) ->
+	doc("A 101 response must be sent on successful upgrade "
+		"to HTTP/2 when using the HTTP Upgrade mechanism. (RFC7540 3.2, RFC7230 6.7)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 101 Switching Protocols\r\n">>} = gen_tcp:recv(Socket, 36, 1000),
+	ok.
+
+http_upgrade_server_preface(Config) ->
+	doc("The first frame after the upgrade must be a "
+		"SETTINGS frame for the server connection preface. (RFC7540 3.2, RFC7540 3.5, RFC7540 6.5)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 101 Switching Protocols\r\n">>} = gen_tcp:recv(Socket, 36, 1000),
+	%% Receive the server preface.
+	{ok, << _:24, 4:8, 0:40 >>} = gen_tcp:recv(Socket, 9, 1000),
+	ok.
+
+http_upgrade_client_preface_timeout(Config) ->
+	doc("Clients negotiating HTTP/2 and not sending a preface in "
+		"a timely manner must be disconnected."),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 101 Switching Protocols\r\n">>} = gen_tcp:recv(Socket, 36, 1000),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% Do not send the preface. Wait for the server to disconnect us.
+	{error, closed} = gen_tcp:recv(Socket, 3, 6000),
+	ok.
+
+http_upgrade_reject_missing_client_preface(Config) ->
+	doc("Servers must treat an invalid connection preface as a "
+		"connection error of type PROTOCOL_ERROR. (RFC7540 3.2, RFC7540 3.5)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 101 Switching Protocols\r\n">>} = gen_tcp:recv(Socket, 36, 1000),
+	%% Send a SETTINGS frame directly instead of the proper preface.
+	ok = gen_tcp:send(Socket, cow_http2:settings(#{})),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% We expect the server to close the connection when it receives a bad preface.
+	{error, closed} = gen_tcp:recv(Socket, 3, 1000),
+	ok.
+
+http_upgrade_reject_invalid_client_preface(Config) ->
+	doc("Servers must treat an invalid connection preface as a "
+		"connection error of type PROTOCOL_ERROR. (RFC7540 3.2, RFC7540 3.5)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 101 Switching Protocols\r\n">>} = gen_tcp:recv(Socket, 36, 1000),
+	%% Send a slightly incorrect preface.
+	ok = gen_tcp:send(Socket, "PRI * HTTP/2.0\r\n\r\nSM: Value\r\n\r\n"),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% We expect the server to close the connection when it receives a bad preface.
+	{error, closed} = gen_tcp:recv(Socket, 3, 1000),
+	ok.
+
+http_upgrade_reject_missing_client_preface_settings(Config) ->
+	doc("Servers must treat an invalid connection preface as a "
+		"connection error of type PROTOCOL_ERROR. (RFC7540 3.2, RFC7540 3.5)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 101 Switching Protocols\r\n">>} = gen_tcp:recv(Socket, 36, 1000),
+	%% Send a valid preface sequence except followed by a PING instead of a SETTINGS frame.
+	ok = gen_tcp:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:ping(0)]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% We expect the server to close the connection when it receives a bad preface.
+	{error, closed} = gen_tcp:recv(Socket, 3, 1000),
+	ok.
+
+http_upgrade_reject_invalid_client_preface_settings(Config) ->
+	doc("Servers must treat an invalid connection preface as a "
+		"connection error of type PROTOCOL_ERROR. (RFC7540 3.2, RFC7540 3.5)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 101 Switching Protocols\r\n">>} = gen_tcp:recv(Socket, 36, 1000),
+	%% Send a valid preface sequence except followed by a badly formed SETTINGS frame.
+	ok = gen_tcp:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", << 0:24, 4:8, 0:9, 1:31 >>]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% We expect the server to close the connection when it receives a bad preface.
+	{error, closed} = gen_tcp:recv(Socket, 3, 1000),
+	ok.
+
+http_upgrade_accept_client_preface_empty_settings(Config) ->
+	doc("The SETTINGS frame in the client preface may be empty. (RFC7540 3.2, RFC7540 3.5)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 101 Switching Protocols\r\n">>} = gen_tcp:recv(Socket, 36, 1000),
+	%% Send a valid preface sequence except followed by an empty SETTINGS frame.
+	ok = gen_tcp:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% Receive the SETTINGS ack.
+	{ok, << 0:24, 4:8, 1:8, 0:32 >>} = gen_tcp:recv(Socket, 9, 1000),
+	ok.
+
+http_upgrade_client_preface_settings_ack_timeout(Config) ->
+	doc("The SETTINGS frames sent by the client must be acknowledged. (RFC7540 3.5, RFC7540 6.5.3)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 101 Switching Protocols\r\n">>} = gen_tcp:recv(Socket, 36, 1000),
+	%% Send a valid preface.
+	ok = gen_tcp:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% Receive the SETTINGS ack.
+	{ok, << 0:24, 4:8, 1:8, 0:32 >>} = gen_tcp:recv(Socket, 9, 1000),
+	%% Do not ack the server preface. Expect a GOAWAY with reason SETTINGS_TIMEOUT.
+	{ok, << _:24, 7:8, _:72, 4:32 >>} = gen_tcp:recv(Socket, 17, 6000),
+	ok.
+
+%% @todo We need a successful test with actual options in HTTP2-Settings.
+
+%% @todo Also assigned default priority values but not sure how to test that.
+http_upgrade_response(Config) ->
+	doc("A response must be sent to the initial HTTP/1.1 request "
+		"after switching to HTTP/2. The response must use "
+		"the stream identifier 1. (RFC7540 3.2)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 101 Switching Protocols\r\n">>} = gen_tcp:recv(Socket, 36, 1000),
+	%% Send a valid preface.
+	%% @todo Use non-empty SETTINGS here. Just because.
+	ok = gen_tcp:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% Send the SETTINGS ack.
+	ok = gen_tcp:send(Socket, cow_http2:settings_ack()),
+	%% Receive the SETTINGS ack.
+	%% @todo It's possible that we receive the response before the SETTINGS ack.
+	{ok, << 0:24, 4:8, 1:8, 0:32 >>} = gen_tcp:recv(Socket, 9, 1000),
+	%% Receive the response to the original request. It uses streamid 1.
+	{ok, << _:24, 1:8, _:8, 1:32 >>} = gen_tcp:recv(Socket, 9, 1000),
+	ok.
+
+http_upgrade_response_half_closed(Config) ->
+	doc("The stream for the initial HTTP/1.1 request is half-closed. (RFC7540 3.2)"),
+	%% Try sending more data after the upgrade and get an error.
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	ok = gen_tcp:send(Socket, [
+		"GET / HTTP/1.1\r\n"
+		"Host: localhost\r\n"
+		"Connection: Upgrade, HTTP2-Settings\r\n"
+		"Upgrade: h2\r\n"
+		"HTTP2-Settings: ", base64:encode(cow_http2:settings_payload(#{})), "\r\n",
+		"\r\n"]),
+	{ok, <<"HTTP/1.1 101 Switching Protocols\r\n">>} = gen_tcp:recv(Socket, 36, 1000),
+	%% Send a valid preface.
+	ok = gen_tcp:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% Send more data on the stream to trigger an error.
+	ok = gen_tcp:send(Socket, cow_http2:data(1, fin, <<>>)),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% Receive the SETTINGS ack.
+	%% @todo It's possible that we receive the response before the SETTINGS ack or RST_STREAM.
+	{ok, << 0:24, 4:8, 1:8, 0:32 >>} = gen_tcp:recv(Socket, 9, 1000),
+	%% The server resets the stream with reason STREAM_CLOSED.
+	{ok, << 4:24, 3:8, 0:8, 1:32, 5:32 >>} = gen_tcp:recv(Socket, 13, 1000),
+	ok.
+
+%% Starting HTTP/2 for "https" URIs.
+
+alpn_ignore_h2c(Config) ->
+	doc("An h2c ALPN protocol identifier must be ignored. (RFC7540 3.3)"),
+	{ok, Socket} = ssl:connect("localhost", config(port, Config),
+		[{alpn_advertised_protocols, [<<"h2c">>, <<"http/1.1">>]}, binary, {active, false}]),
+	{ok, <<"http/1.1">>} = ssl:negotiated_protocol(Socket),
+	ok.
+
+alpn_server_preface(Config) ->
+	doc("The first frame must be a SETTINGS frame "
+		"for the server connection preface. (RFC7540 3.3, RFC7540 3.5, RFC7540 6.5)"),
+	{ok, Socket} = ssl:connect("localhost", config(port, Config),
+		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
+	%% Receive the server preface.
+	{ok, << _:24, 4:8, 0:40 >>} = ssl:recv(Socket, 9, 1000),
+	ok.
+
+alpn_client_preface_timeout(Config) ->
+	doc("Clients negotiating HTTP/2 and not sending a preface in "
+		"a timely manner must be disconnected."),
+	{ok, Socket} = ssl:connect("localhost", config(port, Config),
+		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = ssl:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = ssl:recv(Socket, 6 + Len, 1000),
+	%% Do not send the preface. Wait for the server to disconnect us.
+	{error, closed} = ssl:recv(Socket, 3, 6000),
+	ok.
+
+alpn_reject_missing_client_preface(Config) ->
+	doc("Servers must treat an invalid connection preface as a "
+		"connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
+	{ok, Socket} = ssl:connect("localhost", config(port, Config),
+		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
+	%% Send a SETTINGS frame directly instead of the proper preface.
+	ok = ssl:send(Socket, cow_http2:settings(#{})),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = ssl:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = ssl:recv(Socket, 6 + Len, 1000),
+	%% We expect the server to close the connection when it receives a bad preface.
+	{error, closed} = ssl:recv(Socket, 3, 1000),
+	ok.
+
+alpn_reject_invalid_client_preface(Config) ->
+	doc("Servers must treat an invalid connection preface as a "
+		"connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
+	{ok, Socket} = ssl:connect("localhost", config(port, Config),
+		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
+	%% Send a slightly incorrect preface.
+	ok = ssl:send(Socket, "PRI * HTTP/2.0\r\n\r\nSM: Value\r\n\r\n"),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = ssl:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = ssl:recv(Socket, 6 + Len, 1000),
+	%% We expect the server to close the connection when it receives a bad preface.
+	{error, closed} = ssl:recv(Socket, 3, 1000),
+	ok.
+
+alpn_reject_missing_client_preface_settings(Config) ->
+	doc("Servers must treat an invalid connection preface as a "
+		"connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
+	{ok, Socket} = ssl:connect("localhost", config(port, Config),
+		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
+	%% Send a valid preface sequence except followed by a PING instead of a SETTINGS frame.
+	ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:ping(0)]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = ssl:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = ssl:recv(Socket, 6 + Len, 1000),
+	%% We expect the server to close the connection when it receives a bad preface.
+	{error, closed} = ssl:recv(Socket, 3, 1000),
+	ok.
+
+alpn_reject_invalid_client_preface_settings(Config) ->
+	doc("Servers must treat an invalid connection preface as a "
+		"connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
+	{ok, Socket} = ssl:connect("localhost", config(port, Config),
+		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
+	%% Send a valid preface sequence except followed by a badly formed SETTINGS frame.
+	ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", << 0:24, 4:8, 0:9, 1:31 >>]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = ssl:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = ssl:recv(Socket, 6 + Len, 1000),
+	%% We expect the server to close the connection when it receives a bad preface.
+	{error, closed} = ssl:recv(Socket, 3, 1000),
+	ok.
+
+alpn_accept_client_preface_empty_settings(Config) ->
+	doc("The SETTINGS frame in the client preface may be empty. (RFC7540 3.3, RFC7540 3.5)"),
+	{ok, Socket} = ssl:connect("localhost", config(port, Config),
+		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
+	%% Send a valid preface sequence except followed by an empty SETTINGS frame.
+	ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = ssl:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = ssl:recv(Socket, 6 + Len, 1000),
+	%% Receive the SETTINGS ack.
+	{ok, << 0:24, 4:8, 1:8, 0:32 >>} = ssl:recv(Socket, 9, 1000),
+	ok.
+
+alpn_client_preface_settings_ack_timeout(Config) ->
+	doc("Failure to acknowledge the server's SETTINGS frame "
+		"results in a SETTINGS_TIMEOUT connection error. (RFC7540 3.5, RFC7540 6.5.3)"),
+	{ok, Socket} = ssl:connect("localhost", config(port, Config),
+		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
+	%% Send a valid preface.
+	ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = ssl:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = ssl:recv(Socket, 6 + Len, 1000),
+	%% Receive the SETTINGS ack.
+	{ok, << 0:24, 4:8, 1:8, 0:32 >>} = ssl:recv(Socket, 9, 1000),
+	%% Do not ack the server preface. Expect a GOAWAY with reason SETTINGS_TIMEOUT.
+	{ok, << _:24, 7:8, _:72, 4:32 >>} = ssl:recv(Socket, 17, 6000),
+	ok.
+
+alpn(Config) ->
+	doc("Successful ALPN negotiation. (RFC7540 3.3)"),
+	{ok, Socket} = ssl:connect("localhost", config(port, Config),
+		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
+	%% Send a valid preface.
+	%% @todo Use non-empty SETTINGS here. Just because.
+	ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = ssl:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = ssl:recv(Socket, 6 + Len, 1000),
+	%% Send the SETTINGS ack.
+	ok = ssl:send(Socket, cow_http2:settings_ack()),
+	%% Receive the SETTINGS ack.
+	{ok, << 0:24, 4:8, 1:8, 0:32 >>} = ssl:recv(Socket, 9, 1000),
+	%% Wait until after the SETTINGS ack timeout was supposed to trigger.
+	receive after 6000 -> ok end,
+	%% Send a PING.
+	ok = ssl:send(Socket, cow_http2:ping(0)),
+	%% Receive a PING ack back, indicating the connection is still up.
+	{ok, << 8:24, 6:8, 0:7, 1:1, 0:96 >>} = ssl:recv(Socket, 17, 1000),
+	ok.
+
+%% Starting HTTP/2 with prior knowledge.
+
+prior_knowledge_reject_tls(Config) ->
+	doc("Implementations that support HTTP/2 over TLS must use ALPN. (RFC7540 3.4)"),
+	{ok, Socket} = ssl:connect("localhost", config(port, Config), [binary, {active, false}]),
+	%% Send a valid preface.
+	ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% We expect the server to send an HTTP 400 error
+	%% when trying to use HTTP/2 without going through ALPN negotiation.
+	{ok, <<"HTTP/1.1 400">>} = ssl:recv(Socket, 12, 1000),
+	ok.
+
+prior_knowledge_server_preface(Config) ->
+	doc("The first frame must be a SETTINGS frame "
+		"for the server connection preface. (RFC7540 3.4, RFC7540 3.5, RFC7540 6.5)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	%% Send a valid preface.
+	ok = gen_tcp:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% Receive the server preface.
+	{ok, << _:24, 4:8, 0:40 >>} = gen_tcp:recv(Socket, 9, 1000),
+	ok.
+
+%% Note: the client preface timeout doesn't apply in this case,
+%% so we don't test it. An HTTP/1.1 client that does not send
+%% a request in a timely manner will get disconnected by the
+%% HTTP protocol code, not by HTTP/2's.
+
+%% Note: the test that starts by sending a SETTINGS frame is
+%% redundant with tests sending garbage on the connection.
+%% From the point of view of an HTTP/1.1 connection, a
+%% SETTINGS frame is indistinguishable from garbage.
+
+prior_knowledge_reject_invalid_client_preface(Config) ->
+	doc("An incorrect preface is an invalid HTTP/1.1 request. (RFC7540 3.4)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	%% Send a slightly incorrect preface.
+	ok = gen_tcp:send(Socket, "PRI * HTTP/2.0\r\n\r\nSM: Value\r\n\r\n"),
+	%% We propagate to HTTP/2 after checking only the request-line.
+	%% The server then sends its preface before checking the full client preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% We expect the server to close the connection when it receives a bad preface.
+	{error, closed} = gen_tcp:recv(Socket, 3, 1000),
+	ok.
+
+prior_knowledge_reject_missing_client_preface_settings(Config) ->
+	doc("Servers must treat an invalid connection preface as a "
+		"connection error of type PROTOCOL_ERROR. (RFC7540 3.4, RFC7540 3.5)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	%% Send a valid preface sequence except followed by a PING instead of a SETTINGS frame.
+	ok = gen_tcp:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:ping(0)]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% We expect the server to close the connection when it receives a bad preface.
+	{error, closed} = gen_tcp:recv(Socket, 3, 1000),
+	ok.
+
+prior_knowledge_reject_invalid_client_preface_settings(Config) ->
+	doc("Servers must treat an invalid connection preface as a "
+		"connection error of type PROTOCOL_ERROR. (RFC7540 3.4, RFC7540 3.5)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	%% Send a valid preface sequence except followed by a badly formed SETTINGS frame.
+	ok = gen_tcp:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", << 0:24, 4:8, 0:9, 1:31 >>]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% We expect the server to close the connection when it receives a bad preface.
+	{error, closed} = gen_tcp:recv(Socket, 3, 1000),
+	ok.
+
+prior_knowledge_accept_client_preface_empty_settings(Config) ->
+	doc("The SETTINGS frame in the client preface may be empty. (RFC7540 3.4, RFC7540 3.5)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	%% Send a valid preface sequence except followed by an empty SETTINGS frame.
+	ok = gen_tcp:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% Receive the SETTINGS ack.
+	{ok, << 0:24, 4:8, 1:8, 0:32 >>} = gen_tcp:recv(Socket, 9, 1000),
+	ok.
+
+prior_knowledge_client_preface_settings_ack_timeout(Config) ->
+	doc("The SETTINGS frames sent by the client must be acknowledged. (RFC7540 3.5, RFC7540 6.5.3)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	%% Send a valid preface.
+	ok = gen_tcp:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% Receive the SETTINGS ack.
+	{ok, << 0:24, 4:8, 1:8, 0:32 >>} = gen_tcp:recv(Socket, 9, 1000),
+	%% Do not ack the server preface. Expect a GOAWAY with reason SETTINGS_TIMEOUT.
+	{ok, << _:24, 7:8, _:72, 4:32 >>} = gen_tcp:recv(Socket, 17, 6000),
+	ok.
+
+prior_knowledge(Config) ->
+	doc("Streams can be initiated after a successful HTTP/2 connection "
+		"with prior knowledge of server capabilities. (RFC7540 3.4)"),
+	{ok, Socket} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}]),
+	%% Send a valid preface.
+	%% @todo Use non-empty SETTINGS here. Just because.
+	ok = gen_tcp:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
+	%% Receive the server preface.
+	{ok, << Len:24 >>} = gen_tcp:recv(Socket, 3, 1000),
+	{ok, << 4:8, 0:40, _:Len/binary >>} = gen_tcp:recv(Socket, 6 + Len, 1000),
+	%% Send the SETTINGS ack.
+	ok = gen_tcp:send(Socket, cow_http2:settings_ack()),
+	%% Receive the SETTINGS ack.
+	{ok, << 0:24, 4:8, 1:8, 0:32 >>} = gen_tcp:recv(Socket, 9, 1000),
+	%% Wait until after the SETTINGS ack timeout was supposed to trigger.
+	receive after 6000 -> ok end,
+	%% Send a PING.
+	ok = gen_tcp:send(Socket, cow_http2:ping(0)),
+	%% Receive a PING ack back, indicating the connection is still up.
+	{ok, << 8:24, 6:8, 0:7, 1:1, 0:96 >>} = gen_tcp:recv(Socket, 17, 1000),
+	ok.
+
+
+
+%% Tests still need to be added for the following points:
+
+%% @todo how to test this?
+%3.2.1
+%   A server decodes and interprets these values as it would any other
+%   SETTINGS frame.
+
+%3.2
+% @todo (maybe an option to disable HTTP/2?)
+%   A server that does not support HTTP/2 can respond to the request as
+%   though the Upgrade header field were absent
+
+%% @todo Do we reject "http" requests over TLS and "https" requests over TCP?
+%% Yes, see 421 status code. But maybe some configuration is in order.
+
+%3.5
+%% @todo yeah idk
+%(if the upgrade failed and the connection send this before 101 then
+% we should 400 and close the connection, but not sure how it can fail)
+% @todo (maybe an option to disable HTTP/2?)
+%	The client sends
+%   the client connection preface immediately upon receipt of a 101
+%   (Switching Protocols) response (indicating a successful upgrade)
+
+%% @todo
+%3.5
+%(big mess)
+%   To avoid unnecessary latency, clients are permitted to send
+%   additional frames to the server immediately after sending the client
+%   connection preface, without waiting to receive the server connection
+%   preface.  It is important to note, however, that the server
+%   connection preface SETTINGS frame might include parameters that
+%   necessarily alter how a client is expected to communicate with the
+%   server.  Upon receiving the SETTINGS frame, the client is expected to
+%   honor any parameters established.  In some configurations, it is
+%   possible for the server to transmit SETTINGS before the client sends
+%   additional frames, providing an opportunity to avoid this issue.