What is the HTTP/3 protocol and why are Chrome and Firefox adding it?
According to web applicatioin security specialists, more and more companies are integrating support for HTTP/3, the next iteration of the HTTP protocol. Among the web browsers that have already joined this update are Google Chrome, Mozilla Firefox, besides Internet security systems like Cloudflare.
In the case of Cloudflare, from this weekend
customers will be able to enable an option on their dashboards to enable HTTP3
support in their domains, the company reported. In other words, when users
visit Cloudflare websites from an HTTP/3-supported client, the connection will
automatically update to the new protocol, leaving previous deployments behind.
Regarding browsers, web application security
experts mention that Chrome Canary has added support for the HTTP/3 protocol
for a couple of weeks now. To turn it on, users should only use a command line.
On the other hand, Mozilla
also announced the inclusion of support for HTTP/3; the release is scheduled
for the end of this fall along with the latest version of Firefox Nightly.
What exactly is
HTTP/3?
HTTP/3, or HTTPv3, will be the next major
version of the HTTP protocol for moving content from servers to clients through
web applications, browsers, mobile apps, and more. For this new release, HTTP full
protocol was rewritten, which uses the QUIC protocol instead of TCP. It also
includes support for TLS.
Web application security specialists mention
that HTTPv3 is the conjunction of different deployments that function as a
single to make website loading faster and using encrypted connections by
default.
To understand HTTP/3, it is important to
understand the OSI network model. By default, HTTP (Layer 7 protocol) uses TCP
(Layer 4) as the basis. In turn, TCP is used to negotiate connections between
client and server and then move data between the two parties, so it is
considered a transport protocol.
However, the TCP protocol was designated in the
1970s, so over time it was proven that it was not designed with transport speed
in mind. Multiple specialists tried to
design a more efficient protocol. Google experts managed to create SPDY, a
protocol that solved some of TCP’s flaws and ultimately officially became
HTTP/2, used on about 40% of all Internet sites today.
Google engineers later discovered that it was
possible to combine various implementations, such as TCP and UDP, for the
creation of a completely new protocol. This was how Quick UPD Internet
Connections (QUIC), a much faster Layer 4 transport protocol, was born.
Simply put, the HTTP/3 protocol is the same as
implementing QUIC inside HTTP, replacing TCP and SPDY at the transport level.
According to web application security specialists at the International Cyber
Security Institute (IICS), HTTPv3 was formally approved from October 2018,
although there is still time for companies to integrate support and adopt its
use. At the moment, approximately 3% of all existing websites have adopted
HTTPv3, so the process could be lengthened.
Gloss