TLS and HTTP/2 VCL features
Fastly has added several variables that expose information about the TLS and HTTP/2 attributes of a request.
- h2.push() — Triggers an HTTP/2 server push of the asset passed into the function as the input-string.
- fastly_info.h2.is_push — Whether or not this request was a server-initiated request generated to create an HTTP/2 Server-pushed response.
- fastly_info.h2.stream_id — If the request was made over HTTP/2, the underlying HTTP/2 stream ID.
- fastly_info.is_h2 — Whether or not the request was made using http2.
- tls.client.cipher — The cipher suite used to secure the client TLS connection.
- tls.client.ciphers_sha — A SHA1 of the cipher suite identifiers sent from the client as part of the TLS handshake, represented in base64.
- tls.client.protocol — The TLS protocol version this connection is speaking over.
- tls.client.servername — The Server Name Indication (SNI) the client sent in the
- tls.client.tlsexts_sha — A SHA1 of the TLS extension identifiers sent from the client as part of the TLS handshake, represented in base64.
When using these variables, remember the following:
- These variables are currently only allowed to appear within the VCL hooks
- Requests made with HTTP/2 will appear in custom logs as HTTP1.1 because those requests will already have been decrypted by the time Varnish sees it. Specifically, the
%rvariable will not accurately represent the type of HTTPX request being processed.