An important change is happening in the web’s infrastructure: a new version of the Hypertext Transfer Protocol (HTTP) is being gradually deployed. Defined on RFC 91141 by the Internet Engineering Task Force (IETF), the organization responsible for the creation and maintenance of the standards behind the modern internet, HTTP/3 brings significant performance improvements compared to its predecessors, alongside better security.
In this article, we will discuss some of the changes in HTTP/3, and how complex, data-intensive modern applications such as those running on Edge Computing platforms will benefit from them.
A QUIC Overview
HTTP/3 is based on a new transport protocol called QUIC, originally developed by Google. In fact, it was originally called “HTTP/2 Semantics Using The QUIC Transport Protocol”.
The use of QUIC instead of TCP (Transmission Control Protocol), the underlying network protocol used by previous versions, is the biggest change in HTTP/3, and the responsible for the speed and security improvements we will discuss next.
QUIC was developed specifically to address inefficiencies in TCP, and uses UDP (User Datagram Protocol), a connectionless protocol, which means it doesn’t have the overhead of establishing and maintaining connections as TCP does.
Additional features like header compression and independent flow control make it more efficient, and built-in encryption (with TLS 1.3) and congestion control reduce the need for additional security and performance protocols.
Another important, forward-looking feature is that QUIC was designed to prevent “ossification”, the loss of evolvability of network protocols. This phenomenon stalled previous attempts to improve TCP, which led to the decision to replace it altogether, and so, to QUIC.
What Does HTTP/3 Bring to Your Applications and Services?
HTTP/3 Has Better Performance
The use of a more efficient protocol such as QUIC reduces the amount of overhead traffic required to establish and maintain connections, which means less bandwidth and CPU usage are required. This can significantly improve performance, especially for applications that make many small HTTP requests, reduce the cost of running web applications, and improve the user experience.
HTTP/3 also eliminates a problem called head-of-line blocking, where a slow request can block the processing of others behind it. This is done by making better use of a technique called stream multiplexing, which allows multiple HTTP requests to be processed in parallel, even when some requests are slower than others. Multiplexing was already available in HTTP/2, but limitations of the TCP protocol, which were resolved in QUIC, prevented it from living to its full potential.
Specific performance gains related to HTTP/3 are hard to pinpoint since they will vary due to elements such as the architecture of your website or application, where the content is stored, the network connections used when loading the content, and even geographical distance. Some benchmarks, however, point to a 3x performance increase2 when loading content.
HTTP/3 Has Better Security
HTTP/3 adopts version 1.3 of the Transport Layer Security Protocol (TLS 1.3). It uses more secure cryptographic algorithms, including the latest version of the AES cipher, which means it is more resistant to attacks than the algorithms used in previous versions of TLS.
It also eliminates some features that were found to be insecure, such as the renegotiation extension, and compression. Connection metadata is also encrypted, which reduces the chance of “Man in the Middle” (MiTM) attacks, where criminals can intercept and possibly alter communications between two parties.
TLS 1.3 also introduces a feature that helps with performance, called 0-RTT (Zero Round-Trip Time), which allows a client and server to establish a secure connection more quickly. This is possible because the client and server share a pre-shared key, which allows them to establish a secure connection without first performing a full handshake.
HTTP/3 Has Better Support for Mobile Connections
By using UDP and QUIC, HTTP/3 is designed to work well without impacting performance even in environments with high packet loss and low bandwidth, such as mobile connections, when TCP connections can perform poorly.
HTTP/3 also makes use of Connection IDs to ensure that packets are always delivered to the correct endpoints, even when changes occur in the lower protocol layers of the connection (for example, when the IP address of a mobile client changes). This allows the connection to migrate seamlessly between IP addresses and network interfaces.
Thanks to this, an in-progress download can be easily transferred from a cellular network connection to a Wi-Fi connection when it becomes available, with no need for a connection renegotiation when a network change occurs. Less overhead, more efficiency.
What About HTTP/3 Adoption?
It is important to note that the launching of a new version of the HTTP protocol does not mean that usage of previous versions will immediately end, as the upgrade is in no way mandatory. HTTP/3 will likely coexist with previous versions for a long time, but adoption is growing fast3: data from W3Techs point out that 26.6% of the top 100 million websites already support the new protocol.
This is helped by the fact that all major desktop and mobile browsers already support HTTP/3. Google Chrome and Microsoft Edge had support enabled by default in April 2020, and Mozilla Firefox joined one year later, in April 2021. Apple’s Safari was the last holdout: support was implemented in September 2020, but only enabled by default in March 2023.
But don’t worry: if a client without HTTP/3 support tries to connect to an HTTP/3 server, the connection will be automatically made using HTTP/2. So, there is no “downside” to enabling HTTP/3 support on your server or application.
HTTP/3 is a fundamental update to one of the core technologies of the modern web, which addresses longstanding issues with past versions.
Combined with the main benefits of a modern edge computing platform, like lower latency, high availability, and better security, it paves the way for a new generation of faster, more secure web applications. Talk to our experts to know more.