TL;DR What is HTTP/3
HTTP/3 is the latest HTTP protocol version and it enables faster, more secure and more reliable connections between web servers and web browsers. In particular, the most changes are related to connection startup and data transfer of multiple files at the same time, so loading websites with lossy connections is significantly improved. It is expected to become a standard in the coming months.
During the past months, the Covid-19 crisis has forced many of us to work from home and do our learning online, rather than in person. This change made it all too apparent that the Internet is an essential service for all and underlined the importance of the speed and reliability of the connection. Since its advent, the Internet grew tremendously and incredibly quickly and it is only natural that this growth should be matched by improvements in the technologies upon which our networks are built. The latest development in the protocol stack, the introduction of HTTP/3 and the QUIC protocol, aims to improve the way connections are established, introduce better security, reduce latency and significantly improve speeds, especially for situations where the performance is dramatically worse than average (eg. lossy wireless connections).
The history of HTTP
HTTP is an application layer protocol which sits on top of the network stack. It is essentially a set of rules which govern the delivery of web content from web servers to web browsers. Work on HTTP was initiated in CERN in 1989 by Tim Berners-Lee and it has been the standard protocol for data transfer on the World Wide Web ever since. HTTP/1.1, the first notable version of the protocol, was documented in 1997, and the first major revision, HTTP/2, was introduced in 2015. Currently, about 98% of web browsers and 48% of the top 10 million websites support HTTP/2, according to W3Techs. HTTP/3 (formerly, HTTP over QUIC) is the next proposed major revision, which builds upon the improvements of HTTP/2, while maintaining backward compatibility.
A bit of background
Before we dive in and explore the features of HTTP/3 and QUIC protocol which will make the internet better, a short overview of its predecessor is in order. The main improvement which was introduced with HTTP/2 was multiplexing, which enables the concurrent loading of resources over a single TCP connection. It also compresses HTTP headers, which reduces web request sizes, and introduces server push, which enables the serving of resources to the visitor’s browser before they are requested. The goal of all these changes was to overcome the limitations of the TCP protocol, which is used by HTTP/1.1 and HTTP/2. TCP is very reliable due to its multi-step connection establishment with a three-way handshake, enforced order of delivery of packets, and retransmission of lost packets. The sender receives feedback on the delivery and a checksum is used to detect corruption of data. But this added reliability, which made TCP the foremost transport layer protocol today, comes at a cost. The use of handshakes, delivery feedback, checksums and the guaranteed order of packet delivery leads to overhead due to all those roundtrips which may actually be redundant.
So why not change TCP itself? Well, this is not as easy and straightforward as it sounds. TCP has been around since the dawn of the Internet and is implemented in all operating systems and device firmware in use today. If we want significant improvements in speed and reduction of overhead, a new protocol which is not built on TCP is needed.
The QUIC protocol
The QUIC protocol was designed, implemented and deployed by Google in 2012. It builds on the connectionless UDP protocol and is not constrained by the limitations of TCP. QUIC uses streams which share the same connection to transfer data which removes the need for establishing additional connections for multiplexing. An added benefit of the protocol is that streams are delivered independently, so packet loss on one stream does not affect the rest. With HTTP2, if a packet is lost, the whole connection is put on hold while TCP retransmits the packet.
QUIC also provides encryption and authentication by default by combining the three-way handshake with TLS 1.3's handshake. This ensures better security, but also improves the speed of the establishment of a connection. As multiple QUIC streams use one QUIC connection, there is no need for additional handshakes and slow starts, which leads to achieving higher speeds faster. This is possible because QUIC packets are encapsulated on top of UDP datagrams.
QUIC ensures the delivery order of bytes with stream IDs at the packet layer. This order is enforced within a single stream, but it is not guaranteed among different streams. The header compression used in HTTP/2 (HPACK) relies on the ordering of TCP packets and is hence unusable with QUIC. This is one of the reasons QUIC needs a new version of HTTP and cannot just use HTTP/2. Hence, HTTP/3 comes with a new header compression scheme - QPACK, which solves this issue. An additional reason for the creation of a new version of HTTP is the fact that some HTTP/2 features have been implemented in QUIC itself and do not need to be present in the top level protocol anymore.
Who will benefit most from HTTP/3?
While all connections will benefit from the improved startup times and better security HTTP/3 brings, there are some connections which will be drastically improved by the implementation of the new standard. These are the connections with the worst performance, much poorer than average. While they do not represent the majority of traffic, improving them will mean the difference between unusable internet and good speed and usability. A variety of different scenarios may be the cause - the use of aging technology, physical obstructions, network congestion, etc. Where there is high packet loss, there are delays due to the fact that the transactions are not independent in TCP multiplexing and the loss of a single packet means all transactions must wait for retransmission. This is the main issue solved by HTTP/3 and QUIC and that is why poor connections using the new protocol will see the most significant improvements in speeds.
When is HTTP/3 expected to be adopted?
HTTP/3 has been available for more than a year and can be enabled in Google Chrome and Firefox. Many web servers have also started supporting it since mid-2019. Litespeed, our web server of choice for our shared hosting, being among the first. Cloudflare has also supported it for more than a year and just announced they will start enabling it for all websites by default in the coming weeks. Being backward compatible and thoroughly tested by thousands of users, it is considered safe from issues and we expect it will become the standard in 2021.
While HTTP/2 is still young, HTTP/3 is on its way to be widely used. Being an important upgrade, many industry leading players (developing browsers and web servers) are pushing its use in the near future. The expected broader adoption of HTTP/3 means that everyone will have a faster, more secure and reliable web experience.