We've been taking a look at the release candidate for Windows 2003 Service Pack 1 and in particular at several interesting changes to the HTTP.sys API. Here are some things we found worth calling to your attention:
Most of the changes are implemented via registry settings that won't be added by default. To take advantage of them, you will have to know which keys to add, delete or modify, so it pays to download the document we've linked to above and read up on these things.
For example, there is no longer a default limit on simultaneous connections. In Win2k3, that limit was 8,000 connections, but it could be overridden by creating and setting the MaxConnections reg key. When you install SP1, it won't remove MaxConnections, if you have added it. This is by design -- you might have overridden the old limit, but not necessarily want to do without any limit at all (for instance, if the box is serving mulitple roles). If, however, you do want to take advantage of the new “unlimited” simultaneous connection support, then you'll need to remove the MaxConnections key that you had previously added.
The HTTP.sys “error” logging has also been refactored. It now includes the headers that allow it to be parsed by standard log parsers, as well as more fields, and the ability to rollover based on date and time (as well as size). All this is, again, configured through reg keys.
You also might be interested to know that SP1 makes available kernel-mode SSL support. If you're like us, that will certainly prick up your ears -- the potential performance optimization here is quite substantial. However, read up on it carefully before implementing it (using the EnableKernelSSL reg key, of course): There are currently a number of restrictions/limitations that might prevent it from being viable for your application -- for instance, it doesn't support client certificates.
There are a few changes to HTTP parsing as well. Some are enhancements to bring HTTP.sys in line with the permissiveness recommended by RFC2616 -- such as permitting a single line feed (LF) terminator for each line of the request. Others are genuine exceptions to normal HTTP 1.1 parsing, that only users with downscale/non-standard HTTP clients to support will want to mess with.
That's about it for now. We'll come back with another post if we run across anything in our empirical testing that is not in the document, that we feel you should know about. Also: feel free to let us know if you have any comments, questions or concerns of your own -- especially if you've already had a look at the SP1 Release Candidate for yourself.