Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

HTTP/3 in curl 2020

Daniel Stenberg's presentation about HTTP/3 in curl 2020. Done for curl up 2020.

  • Login to see the comments

HTTP/3 in curl 2020

  1. 1. 20202020 DanielStenberg–curlup-May5th ,2020 in curl
  2. 2. Daniel Stenberg @bagder
  3. 3. How HTTP/3 differs from 1 and 2How HTTP/3 differs from 1 and 2 Build curl to enable HTTP/3Build curl to enable HTTP/3 The TLS situationThe TLS situation HTTP/3 with the curl toolHTTP/3 with the curl tool HTTP/3 with libcurlHTTP/3 with libcurl Remaining issuesRemaining issues WhenWhen @bagder@bagder
  4. 4. This is not my HTTP/3 explanation talk HTTP/3 for everyone (FOSDEM 2020) @bagder@bagder
  5. 5. @bagder@bagder
  6. 6. Improvements in QUICImprovements in QUIC TCP head of line blockingTCP head of line blocking Faster handshakesFaster handshakes Earlier dataEarlier data More encryption, alwaysMore encryption, always Future developmentFuture development @bagder@bagder
  7. 7. QUIC on top of UDP TCP and UDP remain “the ones”TCP and UDP remain “the ones” Use UDP instead of IPUse UDP instead of IP Reliable transport protocol - inReliable transport protocol - in user-spaceuser-space A little like TCP + TLSA little like TCP + TLS @bagder@bagder
  8. 8. Streams! QUIC provides streamsQUIC provides streams Many logical flows within a single connectionMany logical flows within a single connection Similar to HTTP/2 but in the transport layerSimilar to HTTP/2 but in the transport layer IndependentIndependent streamsstreams @bagder@bagder
  9. 9. @bagder@bagder HTTP/3 = HTTP over QUIC @bagder@bagder
  10. 10. Stacks: old vs new TCP TLS 1.2+ HTTP/2 UDP HTTP/3 QUIC TLS 1.3 IP HTTP/1 @bagder@bagder streams @bagder@bagder
  11. 11. HTTPS is TCP? HTTPS:// URLs are everywhereHTTPS:// URLs are everywhere TCP (and TLS) on TCP port 443TCP (and TLS) on TCP port 443 @bagder@bagder
  12. 12. This service - over there! The Alt-Svc: response header Another host, protocol or port number is the same “origin” This site also runs on HTTP/3 “over there”, for the next NNNN seconds @bagder@bagder
  13. 13. HTTP/3 challenges 3-7% something of all QUIC attempts fail Clients need “fall back” algorithms CPU intensive Unoptimized UDP stacks “Funny” TLS layer All QUIC stacks are user-land No standard QUIC API Lack of tooling @bagder@bagder
  14. 14. Ship date @bagder@bagder 2020?2020?
  15. 15. curl runs in all your devices @bagder@bagder
  16. 16. Work in progress Early days – your help is appreciated HTTP/3 and QUIC support is experimental Things might will change Code is in git master and shipped Only HTTP/3 (not QUIC) is exposed in curl @bagder@bagder
  17. 17. @bagder@bagder Build @bagder@bagder
  18. 18. Build curl Early support aids the protocol community Requires 3rd party libraries for low level Selectable backend, use one out of several choices Quiche or ngtcp2 for now - Different TLS requirements - Very different APIs @bagder@bagder
  19. 19. @bagder@bagder Build curl with quiche Uses BoringSSL (Look at docs/ You want alt-svc support as well @bagder@bagder
  20. 20. @bagder@bagder Build curl with ngtcp2 (and nghttp3) Uses a patched OpenSSL or GnuTLS from git (Look at docs/ You want alt-svc support as well @bagder@bagder
  21. 21. @bagder@bagder Why is it called ngtcp2? Jana Iyengar (then at Google) did a QUIC presentation in the HTTP Workshop Stockholm in July 2016 In that presentation, he showed...
  22. 22. @bagder@bagder The TLS situation
  23. 23. The TLS situation (1/2) TLS was made for TCP TLS is sent over TCP as records containing individual messages QUIC uses TLS messages No TLS library support(ed) TLS messages QUIC also needs additional secrets @bagder@bagder
  24. 24. The TLS situation (2/2) @bagder@bagder Frame 0 Message 0 Message 1 Frame 1 Message 2 Message 3TCPTCP Message 0 Message 1 Message 2 Message 3 QUICQUIC
  25. 25. @bagder@bagder BoringSSL Supports QUIC already BoringSSL is really hard for non-Google products to use Quiche uses BoringSSL … and so does Chrome/Edge and some other implementations @bagder@bagder
  26. 26. @bagder@bagder OpenSSL No support in any release, nor git “once the 3.0 release is done, QUIC will become a significant focus of our effort” + “final [3.0] release in early Q4 2020” PR #8797 OpenSSL offers an API similar to the BoringSSL one. ngtcp2 uses OpenSSL+8797 … and so does msquic, node.js and more @bagder@bagder
  27. 27. @bagder@bagder GnuTLS Has initial support landed in git ngtcp2 can be built to use it @bagder@bagder
  28. 28. @bagder@bagder Other libraries The other TLS libraries curl supports lack the necessary APIs for QUIC @bagder@bagder
  29. 29. @bagder@bagder curl uses a single TLS lib When built to support QUIC, the same library is used for “normal” TLS.
  30. 30. Use @bagder@bagder
  31. 31. It looks like HTTP/1 As for HTTP/2, HTTP/3 in curl is made to lookmade to look like HTTP/1like HTTP/1 when curl shows requests, headers and similar. For consistency and easy of use. @bagder@bagder
  32. 32. Run curl --http3 Forces curl to try QUIC and HTTP/3 on the given host name No fallback! --alt-svc <filename> Bootstraps into HTTP/3 the “standard way” Requires alt-svc: response headers (several dev servers don’t do those) Takes an additional round-trip Makes the initial request HTTP/1 or HTTP/2 the “usual way” The alt-svc file format: @bagder@bagder
  33. 33. Run curl $ curl –-http3 -v $ curl –-alt-svc alt.txt -v $ curl --version … Features: alt-svc ... HTTP3 ... @bagder@bagder
  34. 34. Works now with HTTP/3 @bagder@bagder HTTP/3 draft-27 Connecting over IPv4 and IPv6 and “Happy eyeballs” Direct or via alt-svc Funny host name/DNS tricks like --resolve and friends HTTP GET and POST requests HTTP header parsing, adding and removing headers Cookies, connection caching, connection re-use etc SSLKEYLOGFILE
  35. 35. HTTP/3 in the curl CI We verify the HTTP/3 builds in every curl commit and PR Both quiche and ngtcp2 Builds only, they don’t run tests yet @bagder@bagder
  36. 36. libcurllibcurl @bagder@bagder
  37. 37. curl is powered by libcurl Previously mentioned features are in libcurl … with a few more knobs to tweak @bagder@bagder
  38. 38. “Force” HTTP/3 @bagder@bagder
  39. 39. Alt-Svc style @bagder@bagder
  40. 40. Check for support @bagder@bagder
  41. 41. Remaining issues right now @bagder@bagder
  42. 42. HTTP/3 is still “experimental” in curl Fallback (happy eyeballs?) Multiplexing Certificates Trailers Stability Tests Push qlog @bagder@bagder
  43. 43. Upgrading to h3 - long term Tricky HTTP/2 reuses the same connection - easier alt-svc needs cache on disk to be effective Happy eyeballs... @bagder@bagder
  44. 44. When @bagder@bagder
  45. 45. Specifications Ship curl HTTP/3-enabled?Ship curl HTTP/3-enabled? Deployed servers Browser support libcurl TLS libraries QUIC and HTTP/3 libraries @bagder@bagder
  46. 46. @bagder@bagder It will take a while @bagder@bagder
  47. 47. 48 You can help!You can help! @bagder@bagder
  48. 48. December 6, 2019December 6, 2019 @bagder@bagder
  49. 49. HTTP/3 Explained @bagder@bagder
  50. 50. Daniel Stenberg @bagder Thank you!Thank you! Questions?Questions?