SlideShare a Scribd company logo

HTTP/3 in curl 2020

Daniel Stenberg
Daniel Stenberg

Daniel Stenberg's presentation about HTTP/3 in curl 2020. Done for curl up 2020.

Software
1 of 51
Download to read offline
20202020 DanielStenberg–curlup-May5th ,2020 in curl
Daniel Stenberg @bagderhttps://daniel.haxx.se
How HTTP/3 differs from 1 and 2How HTTP/3 differs from 1 and 2 Build curl to enable HTTP/3Build curl to enable HTTP/3 The TLS situationThe TLS situation HTTP/3 with the curl toolHTTP/3 with the curl tool HTTP/3 with libcurlHTTP/3 with libcurl Remaining issuesRemaining issues WhenWhen @bagder@bagder
This is not my HTTP/3 explanation talk HTTP/3 for everyone (FOSDEM 2020) https://daniel.haxx.se/videos/ @bagder@bagder
@bagder@bagder
Improvements in QUICImprovements in QUIC TCP head of line blockingTCP head of line blocking Faster handshakesFaster handshakes Earlier dataEarlier data More encryption, alwaysMore encryption, always Future developmentFuture development @bagder@bagder
QUIC on top of UDP TCP and UDP remain “the ones”TCP and UDP remain “the ones” Use UDP instead of IPUse UDP instead of IP Reliable transport protocol - inReliable transport protocol - in user-spaceuser-space A little like TCP + TLSA little like TCP + TLS @bagder@bagder
Streams! QUIC provides streamsQUIC provides streams Many logical flows within a single connectionMany logical flows within a single connection Similar to HTTP/2 but in the transport layerSimilar to HTTP/2 but in the transport layer IndependentIndependent streamsstreams @bagder@bagder
@bagder@bagder HTTP/3 = HTTP over QUIC @bagder@bagder
Stacks: old vs new TCP TLS 1.2+ HTTP/2 UDP HTTP/3 QUIC TLS 1.3 IP HTTP/1 @bagder@bagder streams @bagder@bagder
HTTPS is TCP? HTTPS:// URLs are everywhereHTTPS:// URLs are everywhere TCP (and TLS) on TCP port 443TCP (and TLS) on TCP port 443 @bagder@bagder
This service - over there! The Alt-Svc: response header Another host, protocol or port number is the same “origin” This site also runs on HTTP/3 “over there”, for the next NNNN seconds @bagder@bagder
HTTP/3 challenges 3-7% something of all QUIC attempts fail Clients need “fall back” algorithms CPU intensive Unoptimized UDP stacks “Funny” TLS layer All QUIC stacks are user-land No standard QUIC API Lack of tooling @bagder@bagder
Ship date @bagder@bagder 2020?2020?
curl runs in all your devices @bagder@bagder
Work in progress Early days – your help is appreciated HTTP/3 and QUIC support is experimental Things might will change Code is in git master and shipped Only HTTP/3 (not QUIC) is exposed in curl @bagder@bagder
@bagder@bagder Build @bagder@bagder
Build curl Early support aids the protocol community Requires 3rd party libraries for low level Selectable backend, use one out of several choices Quiche or ngtcp2 for now - Different TLS requirements - Very different APIs @bagder@bagder
@bagder@bagder Build curl with quiche https://github.com/cloudflare/quiche Uses BoringSSL (Look at docs/HTTP3.md) You want alt-svc support as well @bagder@bagder
@bagder@bagder Build curl with ngtcp2 (and nghttp3) https://github.com/ngtcp2/ngtcp2 https://github.com/ngtcp2/nghttp3 Uses a patched OpenSSL or GnuTLS from git (Look at docs/HTTP3.md) You want alt-svc support as well @bagder@bagder
@bagder@bagder Why is it called ngtcp2? Jana Iyengar (then at Google) did a QUIC presentation in the HTTP Workshop Stockholm in July 2016 In that presentation, he showed...
@bagder@bagder The TLS situation
The TLS situation (1/2) TLS was made for TCP TLS is sent over TCP as records containing individual messages QUIC uses TLS messages No TLS library support(ed) TLS messages QUIC also needs additional secrets @bagder@bagder
The TLS situation (2/2) @bagder@bagder Frame 0 Message 0 Message 1 Frame 1 Message 2 Message 3TCPTCP Message 0 Message 1 Message 2 Message 3 QUICQUIC
@bagder@bagder BoringSSL Supports QUIC already BoringSSL is really hard for non-Google products to use Quiche uses BoringSSL … and so does Chrome/Edge and some other implementations @bagder@bagder
@bagder@bagder OpenSSL No support in any release, nor git “once the 3.0 release is done, QUIC will become a significant focus of our effort” + “final [3.0] release in early Q4 2020” PR #8797 OpenSSL offers an API similar to the BoringSSL one. https://github.com/openssl/openssl/pull/8797 ngtcp2 uses OpenSSL+8797 … and so does msquic, node.js and more @bagder@bagder
@bagder@bagder GnuTLS Has initial support landed in git ngtcp2 can be built to use it @bagder@bagder
@bagder@bagder Other libraries The other TLS libraries curl supports lack the necessary APIs for QUIC @bagder@bagder
@bagder@bagder curl uses a single TLS lib When built to support QUIC, the same library is used for “normal” TLS.
Use @bagder@bagder
It looks like HTTP/1 As for HTTP/2, HTTP/3 in curl is made to lookmade to look like HTTP/1like HTTP/1 when curl shows requests, headers and similar. For consistency and easy of use. @bagder@bagder
Run curl --http3 Forces curl to try QUIC and HTTP/3 on the given host name No fallback! --alt-svc <filename> Bootstraps into HTTP/3 the “standard way” Requires alt-svc: response headers (several dev servers don’t do those) Takes an additional round-trip Makes the initial request HTTP/1 or HTTP/2 the “usual way” The alt-svc file format: https://curl.haxx.se/docs/alt-svc.html @bagder@bagder
Run curl $ curl –-http3 https://quic.tech:8443/ -v $ curl –-alt-svc alt.txt https://quic.tech:8443/ -v $ curl --version … Features: alt-svc ... HTTP3 ... @bagder@bagder
Works now with HTTP/3 @bagder@bagder HTTP/3 draft-27 Connecting over IPv4 and IPv6 and “Happy eyeballs” Direct or via alt-svc Funny host name/DNS tricks like --resolve and friends HTTP GET and POST requests HTTP header parsing, adding and removing headers Cookies, connection caching, connection re-use etc SSLKEYLOGFILE
HTTP/3 in the curl CI We verify the HTTP/3 builds in every curl commit and PR Both quiche and ngtcp2 Builds only, they don’t run tests yet @bagder@bagder
libcurllibcurl @bagder@bagder
curl is powered by libcurl Previously mentioned features are in libcurl … with a few more knobs to tweak @bagder@bagder
“Force” HTTP/3 @bagder@bagder
Alt-Svc style @bagder@bagder
Check for support @bagder@bagder
Remaining issues right now @bagder@bagder
HTTP/3 is still “experimental” in curl Fallback (happy eyeballs?) https://github.com/curl/curl/wiki/HTTP3 Multiplexing Certificates Trailers Stability Tests Push qlog @bagder@bagder
Upgrading to h3 - long term Tricky HTTP/2 reuses the same connection - easier alt-svc needs cache on disk to be effective Happy eyeballs... @bagder@bagder
When @bagder@bagder
Specifications Ship curl HTTP/3-enabled?Ship curl HTTP/3-enabled? Deployed servers Browser support libcurl TLS libraries QUIC and HTTP/3 libraries @bagder@bagder
@bagder@bagder It will take a while @bagder@bagder
48 You can help!You can help! @bagder@bagder
December 6, 2019December 6, 2019 @bagder@bagder
HTTP/3 Explained https://http3-explained.haxx.se @bagder@bagder
Daniel Stenberg @bagder https://daniel.haxx.se/ Thank you!Thank you! Questions?Questions?

Recommended

HTTP/3 in curl
HTTP/3 in curlHTTP/3 in curl
HTTP/3 in curl
Daniel Stenberg
 
HTTP/3 for everyone
HTTP/3 for everyoneHTTP/3 for everyone
HTTP/3 for everyone
Daniel Stenberg
 
Landing code in curl
Landing code in curlLanding code in curl
Landing code in curl
Daniel Stenberg
 
curl roadmap 2020
curl roadmap 2020curl roadmap 2020
curl roadmap 2020
Daniel Stenberg
 
Testing curl for security
Testing curl for securityTesting curl for security
Testing curl for security
Daniel Stenberg
 
curl better
curl bettercurl better
curl better
Daniel Stenberg
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTP
Daniel Stenberg
 
common mistakes when using libcurl
common mistakes when using libcurlcommon mistakes when using libcurl
common mistakes when using libcurl
Daniel Stenberg
 

Recommended

HTTP/3 in curl
HTTP/3 in curlHTTP/3 in curl
HTTP/3 in curl
Daniel Stenberg
 
HTTP/3 for everyone
HTTP/3 for everyoneHTTP/3 for everyone
HTTP/3 for everyone
Daniel Stenberg
 
Landing code in curl
Landing code in curlLanding code in curl
Landing code in curl
Daniel Stenberg
 
curl roadmap 2020
curl roadmap 2020curl roadmap 2020
curl roadmap 2020
Daniel Stenberg
 
Testing curl for security
Testing curl for securityTesting curl for security
Testing curl for security
Daniel Stenberg
 
curl better
curl bettercurl better
curl better
Daniel Stenberg
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTP
Daniel Stenberg
 
common mistakes when using libcurl
common mistakes when using libcurlcommon mistakes when using libcurl
common mistakes when using libcurl
Daniel Stenberg
 
Http3 fullstackfest-2019
Http3 fullstackfest-2019Http3 fullstackfest-2019
Http3 fullstackfest-2019
Daniel Stenberg
 
Getting started with libcurl
Getting started with libcurlGetting started with libcurl
Getting started with libcurl
Daniel Stenberg
 
HTTP/3, QUIC and streaming
HTTP/3, QUIC and streamingHTTP/3, QUIC and streaming
HTTP/3, QUIC and streaming
Daniel Stenberg
 
HTTP/3
HTTP/3HTTP/3
HTTP/3
Daniel Stenberg
 
Just curl it!
Just curl it!Just curl it!
Just curl it!
Daniel Stenberg
 
curl - a hobby project that conquered the world
curl - a hobby project that conquered the worldcurl - a hobby project that conquered the world
curl - a hobby project that conquered the world
Daniel Stenberg
 
DNS over HTTPS
DNS over HTTPSDNS over HTTPS
DNS over HTTPS
Daniel Stenberg
 
Curl with rust
Curl with rustCurl with rust
Curl with rust
Daniel Stenberg
 
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchaginstackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
NETWAYS
 
Re-thinking Performance tuning with HTTP2
Re-thinking Performance tuning with HTTP2Re-thinking Performance tuning with HTTP2
Re-thinking Performance tuning with HTTP2
Vinci Rufus
 
Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9
thaidn
 
XFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingXFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnelling
Shakacon
 
Dock ir incident response in a containerized, immutable, continually deploy...
Dock ir incident response in a containerized, immutable, continually deploy...Dock ir incident response in a containerized, immutable, continually deploy...
Dock ir incident response in a containerized, immutable, continually deploy...
Shakacon
 
securing_syslog_onFreeBSD
securing_syslog_onFreeBSDsecuring_syslog_onFreeBSD
securing_syslog_onFreeBSD
webuploader
 
Who Broke My Crypto
Who Broke My CryptoWho Broke My Crypto
Who Broke My Crypto
John Varghese
 
Scapy talk
Scapy talkScapy talk
Scapy talk
Ashwin Patil, GCIH, GCIA, GCFE
 
Demystifying Docker Networking Devoxx MA 2017
Demystifying Docker Networking Devoxx MA 2017Demystifying Docker Networking Devoxx MA 2017
Demystifying Docker Networking Devoxx MA 2017
Imad Hsissou
 
Dos threats and countermeasures
Dos threats and countermeasuresDos threats and countermeasures
Dos threats and countermeasures
n|u - The Open Security Community
 
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTPAltitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Fastly
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forest
SecuRing
 
HTTP/3 over QUIC. All is new but still the same!
HTTP/3 over QUIC. All is new but still the same!HTTP/3 over QUIC. All is new but still the same!
HTTP/3 over QUIC. All is new but still the same!
Daniel Stenberg
 
HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022
Daniel Stenberg
 

More Related Content

What's hot

HTTP/3
HTTP/3HTTP/3
HTTP/3
Daniel Stenberg
 
Dock ir incident response in a containerized, immutable, continually deploy...
Dock ir incident response in a containerized, immutable, continually deploy...Dock ir incident response in a containerized, immutable, continually deploy...
Dock ir incident response in a containerized, immutable, continually deploy...
Shakacon
 
securing_syslog_onFreeBSD
securing_syslog_onFreeBSDsecuring_syslog_onFreeBSD
securing_syslog_onFreeBSD
webuploader
 
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTPAltitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Fastly
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forest
SecuRing
 

What's hot (20)

Http3 fullstackfest-2019
Http3 fullstackfest-2019Http3 fullstackfest-2019
Http3 fullstackfest-2019
 
Getting started with libcurl
Getting started with libcurlGetting started with libcurl
Getting started with libcurl
 
HTTP/3, QUIC and streaming
HTTP/3, QUIC and streamingHTTP/3, QUIC and streaming
HTTP/3, QUIC and streaming
 
HTTP/3
HTTP/3HTTP/3
HTTP/3
 
Just curl it!
Just curl it!Just curl it!
Just curl it!
 
curl - a hobby project that conquered the world
curl - a hobby project that conquered the worldcurl - a hobby project that conquered the world
curl - a hobby project that conquered the world
 
DNS over HTTPS
DNS over HTTPSDNS over HTTPS
DNS over HTTPS
 
Curl with rust
Curl with rustCurl with rust
Curl with rust
 
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchaginstackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
 
Re-thinking Performance tuning with HTTP2
Re-thinking Performance tuning with HTTP2Re-thinking Performance tuning with HTTP2
Re-thinking Performance tuning with HTTP2
 
Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9
 
XFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingXFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnelling
 
Dock ir incident response in a containerized, immutable, continually deploy...
Dock ir incident response in a containerized, immutable, continually deploy...Dock ir incident response in a containerized, immutable, continually deploy...
Dock ir incident response in a containerized, immutable, continually deploy...
 
securing_syslog_onFreeBSD
securing_syslog_onFreeBSDsecuring_syslog_onFreeBSD
securing_syslog_onFreeBSD
 
Who Broke My Crypto
Who Broke My CryptoWho Broke My Crypto
Who Broke My Crypto
 
Scapy talk
Scapy talkScapy talk
Scapy talk
 
Demystifying Docker Networking Devoxx MA 2017
Demystifying Docker Networking Devoxx MA 2017Demystifying Docker Networking Devoxx MA 2017
Demystifying Docker Networking Devoxx MA 2017
 
Dos threats and countermeasures
Dos threats and countermeasuresDos threats and countermeasures
Dos threats and countermeasures
 
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTPAltitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forest
 

Similar to HTTP/3 in curl 2020

http3-quic-streaming-2020-200121234036.pdf
http3-quic-streaming-2020-200121234036.pdfhttp3-quic-streaming-2020-200121234036.pdf
http3-quic-streaming-2020-200121234036.pdf
JunZhao68
 
CSU33012-I-microservices.pdf
CSU33012-I-microservices.pdfCSU33012-I-microservices.pdf
CSU33012-I-microservices.pdf
Ricky Garg
 

Similar to HTTP/3 in curl 2020 (20)

HTTP/3 over QUIC. All is new but still the same!
HTTP/3 over QUIC. All is new but still the same!HTTP/3 over QUIC. All is new but still the same!
HTTP/3 over QUIC. All is new but still the same!
 
HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022
 
mastering libcurl part 1
mastering libcurl part 1mastering libcurl part 1
mastering libcurl part 1
 
http3-quic-streaming-2020-200121234036.pdf
http3-quic-streaming-2020-200121234036.pdfhttp3-quic-streaming-2020-200121234036.pdf
http3-quic-streaming-2020-200121234036.pdf
 
mastering the curl command line.pdf
mastering the curl command line.pdfmastering the curl command line.pdf
mastering the curl command line.pdf
 
HTTP/2 What's inside and Why
HTTP/2 What's inside and WhyHTTP/2 What's inside and Why
HTTP/2 What's inside and Why
 
03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
03_clere-HTTP2 HTTP3 the State of the Art in Our Servers.pdf
 
CouchDB Day NYC 2017: Introduction to CouchDB 2.0
CouchDB Day NYC 2017: Introduction to CouchDB 2.0CouchDB Day NYC 2017: Introduction to CouchDB 2.0
CouchDB Day NYC 2017: Introduction to CouchDB 2.0
 
A New Internet? Introduction to HTTP/2, QUIC and DOH
A New Internet? Introduction to HTTP/2, QUIC and DOHA New Internet? Introduction to HTTP/2, QUIC and DOH
A New Internet? Introduction to HTTP/2, QUIC and DOH
 
HTTP/2 Introduction
HTTP/2 IntroductionHTTP/2 Introduction
HTTP/2 Introduction
 
Http2
Http2Http2
Http2
 
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUICA new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
 
Kubernetes Operability Tooling (GOTO Chicago 2019)
Kubernetes Operability Tooling (GOTO Chicago 2019)Kubernetes Operability Tooling (GOTO Chicago 2019)
Kubernetes Operability Tooling (GOTO Chicago 2019)
 
DevNation Live 2020 - What's new with Apache Camel 3
DevNation Live 2020 - What's new with Apache Camel 3DevNation Live 2020 - What's new with Apache Camel 3
DevNation Live 2020 - What's new with Apache Camel 3
 
What's new with Apache Camel 3? | DevNation Tech Talk
What's new with Apache Camel 3? | DevNation Tech TalkWhat's new with Apache Camel 3? | DevNation Tech Talk
What's new with Apache Camel 3? | DevNation Tech Talk
 
Sword v2 at UKCoRR
Sword v2 at UKCoRRSword v2 at UKCoRR
Sword v2 at UKCoRR
 
Linux HTTPS/TCP/IP Stack for the Fast and Secure Web
Linux HTTPS/TCP/IP Stack for the Fast and Secure WebLinux HTTPS/TCP/IP Stack for the Fast and Secure Web
Linux HTTPS/TCP/IP Stack for the Fast and Secure Web
 
CSU33012-I-microservices.pdf
CSU33012-I-microservices.pdfCSU33012-I-microservices.pdf
CSU33012-I-microservices.pdf
 
Go 1.8 'new' networking features
Go 1.8 'new' networking featuresGo 1.8 'new' networking features
Go 1.8 'new' networking features
 
Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)
Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)
Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)
 

More from Daniel Stenberg

More from Daniel Stenberg (11)

mastering libcurl part 2
mastering libcurl part 2mastering libcurl part 2
mastering libcurl part 2
 
curl - openfourm europe.pdf
curl - openfourm europe.pdfcurl - openfourm europe.pdf
curl - openfourm europe.pdf
 
curl experiments - curl up 2022
curl experiments - curl up 2022curl experiments - curl up 2022
curl experiments - curl up 2022
 
curl security - curl up 2022
curl security - curl up 2022curl security - curl up 2022
curl security - curl up 2022
 
The state of curl 2022
The state of curl 2022The state of curl 2022
The state of curl 2022
 
Let me tell you about curl
Let me tell you about curlLet me tell you about curl
Let me tell you about curl
 
The state of curl 2020
The state of curl 2020The state of curl 2020
The state of curl 2020
 
Writing safe and secure code
Writing safe and secure codeWriting safe and secure code
Writing safe and secure code
 
The state of curl 2019
The state of curl 2019The state of curl 2019
The state of curl 2019
 
Säker kod (secure code)
Säker kod (secure code)Säker kod (secure code)
Säker kod (secure code)
 
You know what's cool? Running on a billion devices
You know what's cool? Running on a billion devicesYou know what's cool? Running on a billion devices
You know what's cool? Running on a billion devices
 

Recently uploaded

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
harshavardhanraghave
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
MyIntelliSource, Inc.
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
anilsa9823
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Alberto González Trastoy
 

Recently uploaded (20)

Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 

HTTP/3 in curl 2020

  • 3. How HTTP/3 differs from 1 and 2How HTTP/3 differs from 1 and 2 Build curl to enable HTTP/3Build curl to enable HTTP/3 The TLS situationThe TLS situation HTTP/3 with the curl toolHTTP/3 with the curl tool HTTP/3 with libcurlHTTP/3 with libcurl Remaining issuesRemaining issues WhenWhen @bagder@bagder
  • 4. This is not my HTTP/3 explanation talk HTTP/3 for everyone (FOSDEM 2020) https://daniel.haxx.se/videos/ @bagder@bagder
  • 6. Improvements in QUICImprovements in QUIC TCP head of line blockingTCP head of line blocking Faster handshakesFaster handshakes Earlier dataEarlier data More encryption, alwaysMore encryption, always Future developmentFuture development @bagder@bagder
  • 7. QUIC on top of UDP TCP and UDP remain “the ones”TCP and UDP remain “the ones” Use UDP instead of IPUse UDP instead of IP Reliable transport protocol - inReliable transport protocol - in user-spaceuser-space A little like TCP + TLSA little like TCP + TLS @bagder@bagder
  • 8. Streams! QUIC provides streamsQUIC provides streams Many logical flows within a single connectionMany logical flows within a single connection Similar to HTTP/2 but in the transport layerSimilar to HTTP/2 but in the transport layer IndependentIndependent streamsstreams @bagder@bagder
  • 9. @bagder@bagder HTTP/3 = HTTP over QUIC @bagder@bagder
  • 10.
  • 11. Stacks: old vs new TCP TLS 1.2+ HTTP/2 UDP HTTP/3 QUIC TLS 1.3 IP HTTP/1 @bagder@bagder streams @bagder@bagder
  • 12. HTTPS is TCP? HTTPS:// URLs are everywhereHTTPS:// URLs are everywhere TCP (and TLS) on TCP port 443TCP (and TLS) on TCP port 443 @bagder@bagder
  • 13. This service - over there! The Alt-Svc: response header Another host, protocol or port number is the same “origin” This site also runs on HTTP/3 “over there”, for the next NNNN seconds @bagder@bagder
  • 14. HTTP/3 challenges 3-7% something of all QUIC attempts fail Clients need “fall back” algorithms CPU intensive Unoptimized UDP stacks “Funny” TLS layer All QUIC stacks are user-land No standard QUIC API Lack of tooling @bagder@bagder
  • 16. curl runs in all your devices @bagder@bagder
  • 17. Work in progress Early days – your help is appreciated HTTP/3 and QUIC support is experimental Things might will change Code is in git master and shipped Only HTTP/3 (not QUIC) is exposed in curl @bagder@bagder
  • 19. Build curl Early support aids the protocol community Requires 3rd party libraries for low level Selectable backend, use one out of several choices Quiche or ngtcp2 for now - Different TLS requirements - Very different APIs @bagder@bagder
  • 20. @bagder@bagder Build curl with quiche https://github.com/cloudflare/quiche Uses BoringSSL (Look at docs/HTTP3.md) You want alt-svc support as well @bagder@bagder
  • 21. @bagder@bagder Build curl with ngtcp2 (and nghttp3) https://github.com/ngtcp2/ngtcp2 https://github.com/ngtcp2/nghttp3 Uses a patched OpenSSL or GnuTLS from git (Look at docs/HTTP3.md) You want alt-svc support as well @bagder@bagder
  • 22. @bagder@bagder Why is it called ngtcp2? Jana Iyengar (then at Google) did a QUIC presentation in the HTTP Workshop Stockholm in July 2016 In that presentation, he showed...
  • 24. The TLS situation (1/2) TLS was made for TCP TLS is sent over TCP as records containing individual messages QUIC uses TLS messages No TLS library support(ed) TLS messages QUIC also needs additional secrets @bagder@bagder
  • 25. The TLS situation (2/2) @bagder@bagder Frame 0 Message 0 Message 1 Frame 1 Message 2 Message 3TCPTCP Message 0 Message 1 Message 2 Message 3 QUICQUIC
  • 26. @bagder@bagder BoringSSL Supports QUIC already BoringSSL is really hard for non-Google products to use Quiche uses BoringSSL … and so does Chrome/Edge and some other implementations @bagder@bagder
  • 27. @bagder@bagder OpenSSL No support in any release, nor git “once the 3.0 release is done, QUIC will become a significant focus of our effort” + “final [3.0] release in early Q4 2020” PR #8797 OpenSSL offers an API similar to the BoringSSL one. https://github.com/openssl/openssl/pull/8797 ngtcp2 uses OpenSSL+8797 … and so does msquic, node.js and more @bagder@bagder
  • 28. @bagder@bagder GnuTLS Has initial support landed in git ngtcp2 can be built to use it @bagder@bagder
  • 29. @bagder@bagder Other libraries The other TLS libraries curl supports lack the necessary APIs for QUIC @bagder@bagder
  • 30. @bagder@bagder curl uses a single TLS lib When built to support QUIC, the same library is used for “normal” TLS.
  • 32. It looks like HTTP/1 As for HTTP/2, HTTP/3 in curl is made to lookmade to look like HTTP/1like HTTP/1 when curl shows requests, headers and similar. For consistency and easy of use. @bagder@bagder
  • 33. Run curl --http3 Forces curl to try QUIC and HTTP/3 on the given host name No fallback! --alt-svc <filename> Bootstraps into HTTP/3 the “standard way” Requires alt-svc: response headers (several dev servers don’t do those) Takes an additional round-trip Makes the initial request HTTP/1 or HTTP/2 the “usual way” The alt-svc file format: https://curl.haxx.se/docs/alt-svc.html @bagder@bagder
  • 34. Run curl $ curl –-http3 https://quic.tech:8443/ -v $ curl –-alt-svc alt.txt https://quic.tech:8443/ -v $ curl --version … Features: alt-svc ... HTTP3 ... @bagder@bagder
  • 35. Works now with HTTP/3 @bagder@bagder HTTP/3 draft-27 Connecting over IPv4 and IPv6 and “Happy eyeballs” Direct or via alt-svc Funny host name/DNS tricks like --resolve and friends HTTP GET and POST requests HTTP header parsing, adding and removing headers Cookies, connection caching, connection re-use etc SSLKEYLOGFILE
  • 36. HTTP/3 in the curl CI We verify the HTTP/3 builds in every curl commit and PR Both quiche and ngtcp2 Builds only, they don’t run tests yet @bagder@bagder
  • 38. curl is powered by libcurl Previously mentioned features are in libcurl … with a few more knobs to tweak @bagder@bagder
  • 42. Remaining issues right now @bagder@bagder
  • 43. HTTP/3 is still “experimental” in curl Fallback (happy eyeballs?) https://github.com/curl/curl/wiki/HTTP3 Multiplexing Certificates Trailers Stability Tests Push qlog @bagder@bagder
  • 44. Upgrading to h3 - long term Tricky HTTP/2 reuses the same connection - easier alt-svc needs cache on disk to be effective Happy eyeballs... @bagder@bagder
  • 46. Specifications Ship curl HTTP/3-enabled?Ship curl HTTP/3-enabled? Deployed servers Browser support libcurl TLS libraries QUIC and HTTP/3 libraries @bagder@bagder
  • 47. @bagder@bagder It will take a while @bagder@bagder
  • 48. 48 You can help!You can help! @bagder@bagder
  • 49. December 6, 2019December 6, 2019 @bagder@bagder