Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Let's use modern protocols everywhere!
1. Let's use modern protocols everywhere!
May 2019
Julien Cayzac
Ecosystem Services Department
Rakuten, Inc.
2. 2
What is the problem?
• Text-based protocol
• Redundant headers ➡ bandwidth waste
• Concurrency? Open many connections! (browsers: 6 sockets/origin)
• Request pipelining? Rarely used (complexity, implementation bugs)
• HOL Blocking ➡ decreased performance to avoid out-of-order responses
• Higher infrastructure cost per request
HTTP/1.1 is an obsolete, inefficient protocol
3. 3
HTTP/2
• Old tech: released in 2015 (RFC 7540)
• Supported by all modern browsers and HTTP frameworks
• Reduces latency, increase concurrency, minimizes protocol overhead
• Designed to reduce webpages loading time by >50%
• Requests/responses multiplexing, streams & server push
• Compatibility with HTTP/1.1 semantics (methods, headers & status codes)
HTTP/2 Highlights
5. 5
HTTP/2
• Supersedes HTTP Pipelining and fixes HOL Blocking problem (only for HTTP)
• Only 1 TCP connection per origin
• Bidirectional & prioritizable streams
Requests & Responses Multiplexing: Streams
6. 6
HTTP/2
• Related resources can be pushed downstream to the client.
• It’s multiplexed too, and pushed promises can be canceled by the client.
Server Push
7. 7
HTTP/2
Frontend UI/UX
• HTTP/2 can improve throughput between backends too!
Backend
• HTTP/1.1 best practices can become HTTP/2 antipatterns. Review your habits!
• CSS sprites, monolithic JS… Same-origin requests are free with HTTP/2!
Mandatory 1st stop: https://developers.google.com/web/fundamentals/
9. 9
TLS/1.3
• Fairly recent (August 2018) but support is growing:
• Enabled by default in Firefox 63, Chrome 70, iOS 12.2 & Android Q.
• Already available in BoringSSL, OpenSSL 1.1.1, JDK 11, …
• Compatible with both TCP & QUIC!
• Better security
• Assured Forward Secrecy, Safe Cipher Modes/Options, …
• Better performance (0-RTT Data)
• Google says establishing a secure connection is 40% faster than with TLS 1.2.
• 0-RTT Data should only be enabled for trusted connections (backend) for now, until safety is assessed.
TLS/1.3 Highlights
10. 10
TLS/1.3
Establishing a connection with
TLS/1.2:
- 1 RT for TCP.
- 2 RT for negotiating TLS.
With 0-RTT Data, data can be
transmitted in the first TLS packet,
decreasing latency.
Handshake: 0-RTT Data
12. 12
HTTP/3
• Expected in 2019
• Replaces TCP with QUIC
• UDP-based, but reliable (packet retries, congestion control, QoS etc)
• Addresses shortcomings of TCP (HOL Blocking problem, 3-RTT, …)
• Less performance degradation when packets are lost.
• 0-RTT Data you can use (➡ safer than in TLS/1.3).
• Streams are transport-level (application-level in HTTP/2).
• Application-level semantics are still the same as in HTTP/2 and HTTP/1.1.
HTTP/3 Highlights