[ previously reported on HackerOne and judged to be low enough severity to open here ]

Summary: NodeJS's HTTP/2 client serialises each HTTP/2 request in a separate TLS record, exposing information to attackers performing traffic analysis.

Description: One of the design goals of HTTP/2 is to make traffic analysis more difficult, by multiplexing multiple requests on the same connection. However, NodeJS's HTTP/2 client side appears to send each request (HEADERS frame) in a separate TLS record, which makes this delineation -- and importantly, the sizes of the requests) -- apparent to observers on the network.

Steps To Reproduce:

1. Run server. js in included tarball
2. Configure Wireshark to use the included localhost-privkey.pem for the TLS private key, and ssl-keys.log for the keylog.
3. Start Wireshark capturing on "host localhost and port 8443"
4. Run client.js.
5. Observe packet capture (annotated screenshot attached).

Impact: makes the lives of traffic analysis attackers easier. While NodeJS isn't a browser, it's used by a broad variety of applications, and I'd be a bit surprised if someone somewhere wasn't using it as a client in a situation where this wasn't a risk.

In particular, this information could be used to observe the differences in the sizes of requests, thereby allowing an attacker to "fingerprint" the activity more accurately.

This information could also be used by an attacker to more effectively perform attacks like CRIME, BEAST, etc.

Supporting Material/References:

See attached tarball containing a demo client and server - nodetest.zip

Annotated screenshot from Wireshark: