Daniel Stenberg gave a presentation on HTTP/3 and how to enable it in curl. He discussed how HTTP/3 uses QUIC to improve on HTTP/1 and HTTP/2 by eliminating head of line blocking, enabling faster handshakes and earlier data, and always using encryption. He explained how to build curl with either the Quiche or ngtcp2 libraries to support HTTP/3 and demonstrated commands to test HTTP/3 functionality. While the implementation is still experimental, Stenberg welcomed help from the community to further develop HTTP/3 and QUIC support in curl.
5. How HTTP/3 differs from 1 and 2
Build curl to enable HTTP/3
HTTP/3 with the curl tool
HTTP/3 with libcurl
@bagder
7. Improvements in QUIC
TCP head of line blocking
Faster handshakes
Earlier data
More encryption, always
Future development
8. QUIC on top of UDP
TCP and UDP remain “the ones”
Use UDP instead of IP
Reliable transport protocol - in user-space
A little like TCP + TLS
9. Streams!
QUIC provides streams
Many logical flows within a single connection
Similar to HTTP/2 but in the transport layer
Independent streams
11. Stacks: old vs new
Old: HTTP/1 and HTTP/2 (streams) over TLS 1.2+ over TCP over IP
New: HTTP/3 over QUIC (TLS 1.3, streams) over UDP over IP
12. HTTPS is TCP?
HTTPS:// URLs are everywhere
TCP (and TLS) on TCP port 443
13. This service - over there!
The Alt-Svc: response header
Another host, protocol or port number is the same “origin”
This site also runs on HTTP/3 “over there”, for the next NNNN seconds
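An added example, not taken from the slides or from curl's code, of how a client could read an Alt-Svc value as this slide describes: which protocol, which host and port, and for how many seconds. The function names, the sample header and the `h3-22` draft identifier are constructed for illustration.

```python
import re
import time

DEFAULT_MA = 86400  # RFC 7838: without "ma", an entry is fresh for 24 hours

# protocol-id="host:port" followed by optional ;name=value parameters
_ENTRY = re.compile(
    r'([^\s=,;"]+)="([^"]*)"'
    r'((?:\s*;\s*[A-Za-z0-9_-]+=(?:"[^"]*"|[^;,\s]+))*)'
)
_PARAM = re.compile(r';\s*([A-Za-z0-9_-]+)=(?:"([^"]*)"|([^;,\s]+))')


def parse_alt_svc(value, origin_host, now=None):
    """Parse one Alt-Svc header value into a list of alternatives.

    Each result has alpn, host, port and expires (absolute time). The value
    "clear" yields an empty list: the origin withdraws its alternatives.
    """
    now = time.time() if now is None else now
    if value.strip() == "clear":
        return []
    alternatives = []
    for alpn, authority, params in _ENTRY.findall(value):
        host, sep, port = authority.rpartition(":")
        if not sep or not port.isdecimal() or not 0 < int(port) < 65536:
            continue  # malformed alt-authority: ignore this entry
        max_age = DEFAULT_MA
        for name, quoted, bare in _PARAM.findall(params):
            if name.lower() == "ma" and (quoted or bare).isdecimal():
                max_age = int(quoted or bare)
        alternatives.append({
            "alpn": alpn,
            "host": host or origin_host,  # empty host means "same host"
            "port": int(port),
            "expires": now + max_age,     # the "next NNNN seconds"
        })
    return alternatives


def usable(alternatives, wanted_alpn, now):
    """Return the unexpired alternatives for one protocol identifier."""
    return [a for a in alternatives if a["alpn"] == wanted_alpn and a["expires"] > now]


# Constructed sample header, as a server might send it over HTTP/1 or HTTP/2
SAMPLE = 'h3-22=":443"; ma=3600, h3-22="alt.example.com:8443"; ma=60, h2=":443"'
```

Once an entry has expired the client has no alternative left for that protocol and keeps using the original HTTP/1 or HTTP/2 service.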
14. HTTP/3 challenges
3-7% something of all QUIC attempts fail
Clients need “fall back” algorithms
CPU intensive
Unoptimized UDP stacks
“Funny” TLS layer
All QUIC stacks are user-land
No standard QUIC API
Lack of tooling
18. Work in progress
Early days – your help is appreciated
HTTP/3 and QUIC support is experimental
Things will change
Code is in git master and shipped
19. Build curl
Early support aids the protocol community
Requires 3rd party libraries for low level
Selectable backend, use one out of several choices
Quiche or ngtcp2 for now
- Different TLS requirements
- Very different APIs
20. Build curl with quiche
https://github.com/cloudflare/quiche
Uses BoringSSL
(Look at docs/HTTP3.md)
You probably want alt-svc support as well
21. Build curl with ngtcp2 (and nghttp3)
https://github.com/ngtcp2/ngtcp2
https://github.com/ngtcp2/nghttp3
Uses custom patched OpenSSL
(Look at docs/HTTP3.md)
You probably want alt-svc support as well
22. TLS APIs for QUIC
QUIC uses TLS 1.3 crypto - but differently than TCP uses TLS
ngtcp2 uses a patched OpenSSL
https://github.com/tatsuhiro-t/openssl/tree/quic-draft-22
BoringSSL is a forked version of OpenSSL that already has the necessary QUIC APIs.
Pull request in progress for OpenSSL: #8797. Different than the patch above. Offers an API similar to the BoringSSL one.
https://github.com/openssl/openssl/pull/8797
Most other TLS libraries curl supports lack the necessary APIs
24. It looks like HTTP/1
As for HTTP/2, HTTP/3 in curl is made to look like HTTP/1 when curl shows requests, headers and similar. For consistency and ease of use.
25. Run curl
--http3
- Forces curl to try QUIC and HTTP/3 on the given host name
- No fallback!
--alt-svc <filename>
- Bootstraps into HTTP/3 the “standard way”
- Requires alt-svc: response headers (several dev servers don’t do those)
- Takes an additional round-trip
- Makes the initial request HTTP/1 or HTTP/2 the “usual way”
- The alt-svc file format: https://curl.haxx.se/docs/alt-svc.html
27. Should work with HTTP/3
Connecting over IPv4 and IPv6 and “Happy eyeballs”
Funny host name/DNS tricks like --resolve and friends
HTTP GET and POST requests
HTTP header parsing, adding and removing headers
Cookies, connection caching, connection re-use etc
28. Lacking in the HTTP/3 implementation
(Areas to join in and help out with)
Multiplexing support
Tests!
File bugs!