Definition of Hypertext Transfer Protocol Version 3
Hypertext Transfer Protocol version 3 (HTTP/3) is the 3rd major iteration of the HTTP protocol. HTTP is the cornerstone of the internet.
This version of HTTP solves several problems that HTTP/1.1 and HTTP/2 have in the modern internet.
Brief History of HTTP
HTTP has technically had 5 versions that are recognised:
- HTTP/0.9 was released in 1991 and was very limited in its capabilities - only the GET method and only a path.
- HTTP/1.0 was released in 1996 as an informational RFC from IETF. It was not a standard, but reflects the common usage of HTTP as of 1996. It introduced extensibility in the form of version information (which HTTP version), HTTP headers, and status codes.
- HTTP/1.1 was released in 1997 and is the first HTTP specification that went through standardisation. This is still in use today. One major enhancement that came with HTTP/1.1 was that it introduced the “keep-alive” capability. Up until HTTP/1.1, each request was a separate TCP connection. This was very inefficient, especially when considering how many separate requests are sent for a single modern HTML page.
- HTTP/2 was released in 2015. This was based on work done by Google on what became a IETF draft called SPDY. HTTP/2 started a new path in several areas - these include: its primarily a binary protocol rather than text, it supports multiplexing over a single connection - allowing multiple requests to be sent over a single connection with out-of-order processing, supports compression of both the “headers” as well the body and supports server side push to allow a server to pre-populate (cache) data on the client side.
As of March 2021, according to W3Techs, 50%+ of all websites now support HTTP/2, according to Mozilla Evolution of HTTP by July 2016 W3Techs showed that more than 68% of all requests over the internet were HTTP/2.
- HTTP/3 which as of March 2021 is an “Internet-Draft” is the latest iteration of HTTP.
Only versions from HTTP/1.1 onwards were considered “standards”.
HTTP/3 is the first HTTP specification that is not based on the Transport Control Protocol (TCP) but rather uses QUIC. QUIC is itself based on UDP - UDP along side TCP being one of the original transport protocols for the internet.
HTTP/3 is primarily HTTP/2 redefined using QUIC. This was necessary as some capabilities that are implemented/defined in HTTP/2 are handled by QUIC; some capabilities that were handled by TCP are now part of HTTP/3; and at least compression of the HTTP headers had to be changed to support QUIC's method of multiplexing streams.
Some of the key capabilities of HTTP/3 are:
- Makes streams first-class citizens. HTTP/2 introduced streams, but had the so-called “head of the line block” issue when packets were lost. This is caused by its usage of TCP which requires in-order processing of packets. This meant that if a packet was lost, then all streams within the connect were effected. HTTP/3 removes this issue by its usage of QUIC.
- Reduced handshaking during connection negotiation.
- Is almost entirely encrypted, meaning security should be significantly improved.
- Uses TLS 1.3 by default.
There are some challenges to the adoption of HTTP/3. The diagram below shows the different components that need to support HTTP/3 for an end-to-end scenario to work.
The components that will need to change are:
- Your webservice/application server (ex: Nginx) must support HTTP/3 for this to even start
- So-called middle-boxes like load balancers and deep packet inspection devices (firewalls) need to at least support or allow UDP traffic. Firewalls will have challenges with tracking and applying filtering until they understand HTTP/3 natively.
- Clients (web-browsers, client libraries) - Most of the major web-browsers as of March 2021 have support for HTTP/3 (inclusive Microsoft Edge); although support is currently either turned off by default or only available in the “canary” releases.
These may seem like major roadblocks, but thanks to HTTP/3's compatibility requirements, it will back-off to HTTP over TCP (HTTP/2 or HTTP/1.x) if necessary. The major middle-box manufactures will need to support HTTP/3 just because of who is currently using it, even in its Internet-Draft state.
Market - current adoption
As of March 2021, HTTP/3 according to W3Tech is supported by 10.3% of websites. Some of these websites are of course some of the “big” players who are supporting HTTP/3 - Google, Youtube, Facebook, and WhatsApp.
Most of the major cloud hyperscalers (AWS, Azure, Google) as of March 2021 have support for HTTP/3 in the form of their Network level Load Balancers (NLBs) which support UDP. They do not currently support it in their other types of load balancers - namely Application Load Balancers (ALB); so it cannot be used with some advanced load balancing/routing that is only possible in these.
HTTP/3 as of March 2021 is not a RFC and therefore is still early in its life cycle. It will be the next generation of HTTP, solving several problems that have been around since the original version. It takes a major step in making both clients and servers more efficient with regards to the connection management and when the network between the client and service is not as reliable as desired.
We recommend to assess HTTP/3, plan for it, and see what advantages it brings for your applications and websites.