HTTP/3 is latest upcoming version of the HTTP (Hypertext Transfer Protocol). HTTP is used to exchange information on the World Wide Web (WWW). HTTP protocols keep improving to deliver better internet services, and it’s the 3rd-time since it was evolved for the first time in 1989-1991. Since then, HTTP has undergone many changes and evolutions that have helped maintain its simplicity while shaping its flexibility.
HTTP was first used for simple world wide web applications. It was built over the existing TCP and IP protocols. It consisted of 4 building blocks as following,
- HTML – HyperText Markup Language for hypertext documents
- HTTP – For transfer of those HTML documents
- WWW browser – To display the content of those documents
- HTTPD – Server to give access to those documents.
Upgraded HTTP1.1 is still a widely used version of this protocol. But every time technology evolves, older standards and protocols sometimes fail to deliver the required facility, so they get improved and upgraded. In the last journey of HTTP, we have recently seen the HTTP2 version. It is Google’s SPDY protocol which came out in 2015. It was introduced to resolve the rising performance-related issues in previous versions. It was mainly targeted to handle more complex web pages and made robust communication headers with binary data. And now the era of HTTP/3 is just to begin.
What is HTTP/3 ?
HTTP/3 is an Internet-Draft adopted by the QUIC working group introduced as Internet-Drafts in July 2021. The latest evolution in HTTP with QUIC (Quick UDP Internet Connection) as the transport layer. To reduce the time required in handshake processes using TCP/TLS, QUIC needs a single handshake to establish a secure session. The HTTPv3 QUIC layer still runs on an encrypted transport protocol.
Difference between HTTP/3 and HTTP/2
The main difference between HTTP/3 and HTTP/2 is that HTTP/3 uses QUIC as a transport layer protocol to handle data stream, where HTTP/2 uses TCP to handles streams in the HTTP layer. The following image differentiates between both of them shown in the next picture.
HTTP/3 has a much faster handshake to establish a secure session compared to HTTP/2, which achieves this using TCP and TLS.
Lastly, HTTP/3 can only be implemented securely and encrypted, while the HTTP/2 version can be implemented in both unsecured HTTP and secure HTTPS.
Benefits of HTTP/3
- With QUIC in HTTP/3 protocol, only required fields in the network segment are unencrypted, and the rest of the information is encrypted by default. This helps prevent pervasive monitoring attacks.
- It provides a reliable stream abstraction for the TLS to send and receive messages through the QUIC.
- Every time a user initiate session, a new unique session key is created, and it has nothing to do with the previous session key. By using a separate session key for each transaction, any information from earlier or future sessions cannot be compromised even if any session key is compromised.
- QUIC uses short-lived source address tokens; the time window of a successful IP spoofing attack will be practically almost impossible.
- Quicker handshake compared to HTTP/2.
Even after it is not fully released, it is only introduced as a draft. HTTP/3 is becoming the standard protocol, and the version has already seen a huge roll into browsers. HTTP/3 will be released after its successful evaluations of the remaining issues in its draft.
For now, it is supported by all major internet browsers, such as Google Chrome, which has supported HTTP/3 since build 79 was released in 2019. The latest Litespeed servers are among the first servers to make widespread availability of this protocol in the web hosting world.