If I want Hiawatha to have a future, I know that HTTP/2 support is a must-have. Implementing HTTP/2 on my own is simply too much work, so that's no option. Some time ago, I came across nghttp2. But for some reason, I never took the time to look at it properly. A few weeks ago, someone mentioned it at my weblog. Realizing that using an HTTP/2 library is the only way to, I decided to give nghttp2 a try.
I've given the nghttp2 source code a quick look and haven't seen any crazy stuff. I've already updated the Hiawatha build system (thanks Sander!) to include nghttp2 as a library, just like mbed TLS. That means you can compile Hiawatha with the shipped libraries or the ones already present on your system. Next step is to actually use the library in Hiawatha and do some serious testing. Did I say serious testing? I meant some real serious testing. Because, although Hiawatha must have HTTP/2 support to be of any meaning in the future and nghttp2 seems to be the only option, that doesn't mean that I will allow nghttp2 to jeopardize Hiawatha's security. No matter what, you will get what you can expect: the most secure web server available.
Although there is a lot of nghttp2 documentation, I personally think there is room for improvement. After reading it for the first time, it raised a lot of questions. So, when you're excited about this news, don't expect the actual HTTP/2 support in Hiawatha very soon. But no worries, HTTP/1.x will do just fine for quite some time.