HTTP/3 in curl - curl up 2022
0 likes189 views
The document discusses the technical details of HTTP/3 and its differences from HTTP/1 and HTTP/2, focusing on its implementation in the curl tool and libcurl. It highlights QUIC, a transport protocol that operates over UDP, offering features like multiplexing and improved handshakes, while also addressing challenges such as failures in QUIC attempts and the experimental nature of HTTP/3. Additionally, the document covers the various backend libraries and APIs needed for building curl with HTTP/3 support.
HTTP/3 in curl - curl up 2022
- 1. in 2022
- 2. Agenda HTTP/3 differs from HTTP/1 and HTTP/2 Build curl to enable HTTP/3 HTTP/3 transfers with the curl tool HTTP/3 transfers with libcurl @bagder
- 3. @bagder
- 4. Improvements in QUIC TCP head of line blocking Faster handshakes Earlier data More encryption, always Future development @bagder
- 5. QUIC on top of UDP TCP and UDP remain “the ones” Use UDP instead of IP Reliable transport protocol - in user-space A little like TCP + TLS @bagder
- 6. Streams! QUIC provides streams Many logical flows within a single connection Similar to HTTP/2 but in the transport layer Independent streams @bagder
- 7. HTTP/1, HTTP/2, HTTP/3 IP TCP TLS 1.2+ HTTP/2 UDP HTTP/3 QUIC IP streams streams connections connections HTTP/1 @bagder TLS 1.3
- 8. HTTP/1, HTTP/2, HTTP/3 IPv4 / IPv6 TCP TLS 1.2+ HTTP/2 UDP HTTP/3 QUIC streams streams connections connections HTTP/1 @bagder TLS 1.3 HTTP Semantics
- 9. Kernel space HTTP/1, HTTP/2, HTTP/3 IPv4 / IPv6 TLS 1.2+ UDP HTTP/3 HTTP/2 streams TCP connections HTTP/1 @bagder QUIC streams connections TLS 1.3 HTTP Semantics header compression header compression server push server push User space
- 10. HTTPS is TCP? HTTPS:// URLs are everywhere TCP (and TLS) on TCP port 443 @bagder
- 11. This service - over there! The Alt-Svc: response header Another host, protocol or port number is the same “origin” This site also runs on HTTP/3 “over there”, for the next NNNN seconds @bagder
- 12. HTTP/3 challenges 3-7% something of all QUIC attempts fail Clients need “fall back” algorithms CPU intensive Unoptimized UDP stacks “Funny” TLS layer All QUIC stacks are user-land No standard QUIC API New tools @bagder
- 13. All browsers support HTTP/3 @bagder
- 14. 28% @bagder HTTP/3 use in Firefox beta 101
- 15. 25% of top websites @bagder
- 16. Build curl with HTTP/3 support @bagder
- 17. HTTP/3 and QUIC support is EXPERIMENTAL @bagder
- 18. Build curl Requires 3rd party libraries for low level Selectable backend, use one out of several choices Quiche, ngtcp2 or msh3 - Different TLS requirements - Different APIs @bagder
- 19. @bagder libcurl backends libidn2 winidn Hyper built-in threaded c-ares sync msh3 ngtcp2 + nghttp3 libssh2 wolfSSH libssh BearSSL Gskit GnuTLS mbedSSL NSS OpenSSL Schannel wolfSSL Secure Transport rustls application HTTP API TLS API IDN API SSH API HTTP/3 API Resolver API Public API libcurl Content encoding API brotli zstd zlib = just one = one or more nghttp2 quiche
- 20. @bagder libcurl backends libidn2 winidn threaded c-ares sync msh3 nghttp3 libssh2 wolfSSH libssh BearSSL Gskit GnuTLS mbedSSL NSS OpenSSL Schannel wolfSSL Secure Transport rustls application HTTP API TLS API IDN API SSH API HTTP/3 API Resolver API Public API libcurl Content encoding API brotli zstd zlib = just one = one or more Hyper built-in nghttp2 quiche BoringSSL libressl AmiSSL
- 21. @bagder libcurl backends libidn2 winidn threaded c-ares sync libssh2 wolfSSH libssh application HTTP HTTP/3 TLS SSH IDN Resolver Public API libcurl Content encoding brotli zstd zlib = just one = one or more Hyper built-in nghttp2 msh3 nghttp3 quiche BearSSL Gskit GnuTLS mbedSSL NSS OpenSSL Schannel wolfSSL Secure Transport rustls BoringSSL libressl AmiSSL
- 22. @bagder libcurl backends libidn2 winidn threaded c-ares sync libssh2 wolfSSH libssh application HTTP HTTP/3 TLS SSH IDN Resolver Public API libcurl Content encoding brotli zstd zlib = just one = one or more Hyper built-in nghttp2 msh3 nghttp3 quiche BearSSL Gskit GnuTLS mbedSSL NSS OpenSSL Schannel wolfSSL Secure Transport rustls BoringSSL libressl AmiSSL
- 24. Using curl with HTTP/3 @bagder
- 25. Looks like HTTP/1! Like HTTP/2, HTTP/3 in curl is made to look like HTTP/1 when curl shows and uses requests, headers and similar. For consistency and easy of use. @bagder
- 26. Run curl --http3 Forces curl to try QUIC and HTTP/3 on the given host name No fallback! --alt-svc <filename/-> Bootstraps into HTTP/3 the “standard way” Takes an additional round-trip (curl might offer shortcut in future) Makes the initial request HTTP/1 or HTTP/2 the “usual way” The alt-svc file format: https://curl.se/docs/alt-svc.html @bagder
- 27. Run curl $ curl –-http3 https://quic.tech:8443/ -v $ curl –-alt-svc alt.txt https://quic.tech:8443/ -v $ curl --version … Features: alt-svc ... HTTP3 ... @bagder
- 28. Works with HTTP/3... Connecting over IPv4 and IPv6 and “Happy eyeballs” Funny host name/DNS tricks like --resolve and friends HTTP GET/PUT/POST requests HTTP header parsing, adding and removing headers Cookies, connection caching, connection re-use etc @bagder
- 29. Lacking in the HTTP/3 department Multiplexing support HTTPS RR Tests and CI builds … and probably more @bagder
- 31. curl is powered by libcurl All the previously mentioned features are in libcurl … with a few more knobs to tweak @bagder
- 35. When ... will curl with HTTP/3 support ship? @bagder
- 36. Ship (like in a distro)? The specs The libs The servers The browsers libcurl The TLS situation Specifications QUIC and HTTP/3 libraries Deployed servers Browser support libcurl TLS situation @bagder
- 37. Ship Specifications QUIC and HTTP/3 libraries libcurl TLS situation @bagder Deployed servers Browser support
- 38. It will take a while @bagder
- 39. HTTP/3 remains EXPERIMENTAL For now @bagder