Slide 1

Slide 1 text

HTTP 2.0: just a knob to improve your UX for free
Yannick Koechlin, Data Engineer, Tamedia Digital

Slide 2

Slide 2 text

Agenda
• What's wrong with HTTP/1.1
• How to win with TLS
• H2 protocol
• H2 new features
• How to switch to H2

Slide 3

Slide 3 text

Basis:
RFC 7540: Hypertext Transfer Protocol Version 2 (HTTP/2)
RFC 7541: HPACK: Header Compression for HTTP/2
https://hpbn.co/ High Performance Browser Networking (book)

Slide 4

Slide 4 text

HTTP/1.1 problems:
Header bloat
• No compression
• 1-3 kB (!!!) per request; 20min.ch: 400-600 requests per page
Head-of-line blocking
• 6 TCP connections per origin (6x protocol overhead)
• Works against TCP: each connection runs its own slow start and congestion control
• HTTP pipelining never took off; browsers ship it disabled

Slide 5

Slide 5 text

HTTP/1.1 "clever" fixes:
Inlining & spriting
• Duplicate resources
• No caching
• Breaks prioritization
Concatenation
• Ships too much, bad cache control
• Cache invalidation is expensive
• Delayed execution! (needs the full .js / .css before anything runs)
Domain sharding
• Chrome limits to fewer than 10 parallel images
• Use at most 2 shards: http://perf.fail/post/96104709544/zealous-sharding-hurts-etsy-performance

Slide 6

Slide 6 text

Head-of-line blocking in practice: ricardo.ch via www.webpagetest.org (Chrome, Frankfurt)

Slide 8

Slide 8 text

Ca. 2011: a Google engineer discovers the HTTP/1.1 scapegoat

Slide 9

Slide 9 text

HTTP/2 aka H2: the highlights
• Same semantics as HTTP/1.1!
• Binary protocol
• TLS required (in practice: browsers only speak h2 over TLS)
• Header compression (HPACK, static & dynamic tables)
• Only 1 TCP connection, many streams
• Flow control
• Push promises

Slide 10

Slide 10 text

HTTP/1.1 vs HTTP/2.0: the only change is the format (framing) and the transport. All existing applications CAN be delivered over HTTP/2.0 without modification.

Slide 11

Slide 11 text

Relevance

Slide 13

Slide 13 text

TLS - the good parts
• HTTPS protects the integrity of the website
• HTTPS protects the privacy and security of the user
• HTTPS enables new powerful features on the web (user geolocation, taking pictures, recording video, offline app experiences)
https://developers.google.com/web/updates/2016/04/geolocation-on-secure-contexts-only
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

Slide 14

Slide 14 text

What are the reasons you cannot, or do not want to, use SSL / SSL-only on your site TODAY?

Slide 15

Slide 15 text

TLS - the hard parts
• It's crypto and I'm scared
• Additional round trips
• Computation is expensive
• Certificate revocation lookups take time
• Suboptimal default server config

Slide 16

Slide 16 text

TLS -> +2 RTT? (a full TLS 1.2 handshake adds two round trips on top of the TCP handshake) https://hpbn.co/transport-layer-security-tls/

Slide 17

Slide 17 text

TLS False Start
• TLS protocol extension
• Changes the timing: the client already sends application data while the last handshake round trip is still in flight
• Restrictions imposed by browsers:
  - protocol announcement via ALPN (Chrome and Firefox; Chrome also insists on a forward-secret cipher suite)
  - cipher suites with forward secrecy (Safari)

Slide 18

Slide 18 text

Session resumption
Session caching: session identifiers (RFC 5246), around since SSL 2.0
• Server needs storage
Stateless resumption: session tickets (RFC 5077)
• Server encrypts the session state, client stores it
• No server storage
• All load balancers / backends still need to be initialised with the same ticket key
• Caveat: that ticket key can decrypt every session it protected, so rotate it frequently; a long-lived ticket key undermines forward secrecy
https://github.com/vincentbernat/rfc5077 tool for testing

Slide 19

Slide 19 text

Certificate revocation
Revocation lists (CRLs)
Online Certificate Status Protocol (OCSP)
• The CA is queried during the handshake; can add 350 ms (!) latency and fails 15 times out of 100
https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/
OCSP stapling:
• The server makes the OCSP request itself and gets a signed response
• The server sends that response within the handshake
• A config setting in your server

Slide 20

Slide 20 text

TLS record size
• TLS records have framing overhead
• A TLS record can only be consumed in full => records that span TCP segments might be delayed
• Small records incur overhead, large records incur latency
=> Dynamic record sizing; see isTLSfastYet.com for server support

Slide 21

Slide 21 text

ECC: elliptic curve cryptography
ECDSA certificates (Let's Encrypt will support them in August)
Key size for 256-bit symmetric-equivalent security: RSA 15360 bit vs. EC 521 bit
https://www.symantec.com/content/en/us/enterprise/white_papers/b-wp_ecc.pdf
https://blog.cloudflare.com/ecdsa-the-digital-signature-algorithm-of-a-better-internet/

Slide 22

Slide 22 text

ECDHE-ECDSA support
Desktop browsers installed on Windows Vista or OS X 10.6 or later:
• Internet Explorer 7
• Firefox 2
• Opera 8 (with TLS 1.1 enabled)
• Google Chrome v5.0.342.0
• Safari 2.1
Mobile browsers:
• Mobile Safari for iOS 4.0
• Android 3.0 (Honeycomb) and later
• Windows Phone 7
https://support.cloudflare.com/hc/en-us/articles/203041594-What-browsers-work-with-CloudFlare-s-SSL-certificates-

Slide 23

Slide 23 text

Recap: the 7 easy steps to win at TLS
1. False Start (should work automatically)
2. Session resumption (server switch)
3. Dynamic record sizing (server switch)
4. Enable OCSP stapling (server config)
5. Latest TCP stack (Linux 3.0.0: 10-segment initial TCP window)
6. Pin ciphers, prefer ECC (server config)
7. ECDSA certs if possible
... or just go to https://mozilla.github.io/server-side-tls/ssl-config-generator/

Slide 24

Slide 24 text

Other things you should be aware of
HSTS: Strict-Transport-Security: max-age=86400
HTTP Public Key Pinning (HPKP) (caveat: a mis-rolled pin locks users out for max-age, and Chrome and Firefox have since removed HPKP support)
Content-Security-Policy: upgrade-insecure-requests (upgrade all requests to HTTPS)
Content-Security-Policy-Report-Only: report violations to an endpoint instead of enforcing
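
The headers on this slide are easy to set and easy to set wrong. Below is an added example, not code from the talk, that audits a response's Strict-Transport-Security and Content-Security-Policy values the way a reviewer would: it parses the HSTS directives, flags a short max-age (the 31536000-second threshold is the HSTS preload list's requirement), a missing includeSubDomains, a CSP without upgrade-insecure-requests, and the presence of HPKP. The two header sets in demo() are constructed; the first is the slide's own max-age=86400.

```python
"""Audit transport-security response headers. Added example, not code from the talk;
the header sets in demo() are constructed, not captured from a real site."""
import re

ONE_YEAR = 31536000  # smallest max-age the HSTS preload list accepts


def parse_hsts(value):
    """'max-age=86400; includeSubDomains' -> {'max-age': '86400', 'includesubdomains': ''}.
    Directive names are case-insensitive (RFC 6797); values may be quoted."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            directives[name.lower()] = val.strip().strip('"')
    return directives


def audit_security_headers(headers):
    """Return a list of findings for one HTTPS response (header names case-insensitive)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing: the next plain-http navigation is still interceptable")
    else:
        d = parse_hsts(hsts)
        if not re.fullmatch(r"\d+", d.get("max-age", "")):
            findings.append("HSTS max-age missing or malformed: browsers ignore the header")
        else:
            max_age = int(d["max-age"])
            if max_age == 0:
                findings.append("HSTS max-age=0 removes the policy from the browser")
            elif max_age < ONE_YEAR:
                findings.append("HSTS max-age=%d is short; use >= %d once HTTPS is stable"
                                % (max_age, ONE_YEAR))
            if "includesubdomains" not in d:
                findings.append("HSTS without includeSubDomains: a plain-http subdomain can "
                                "still leak cookies scoped to the parent domain")
    csp = h.get("content-security-policy", "").lower()
    if "upgrade-insecure-requests" not in csp:
        findings.append("CSP lacks upgrade-insecure-requests: hard-coded http:// "
                        "subresources stay mixed content")
    if "public-key-pins" in h:
        findings.append("HPKP set: a pin rollover mistake locks users out for its max-age")
    return findings


def demo():
    as_on_slide = {"Strict-Transport-Security": "max-age=86400",
                   "Content-Security-Policy": "upgrade-insecure-requests"}
    hardened = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
                "Content-Security-Policy": "upgrade-insecure-requests",
                "Content-Security-Policy-Report-Only": "default-src https:; report-uri /csp"}
    return audit_security_headers(as_on_slide), audit_security_headers(hardened)


if __name__ == "__main__":
    for finding in demo()[0]:
        print("-", finding)
```

Run it against the slide's headers and you get two findings (short max-age, no includeSubDomains); the hardened set is clean. Start with a short max-age while you are still hunting down mixed content, then raise it: once a long max-age is out, every client that saw it refuses plain http for that long.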

Slide 25

Slide 25 text

Complete list of TLS performance problems:
1. It is not used widely enough. (Everything else can be optimized.)
Visit isTLSfastYet.com

Slide 26

Slide 26 text

Now finally on to H2

Slide 27

Slide 27 text

Protocol upgrade
• Negotiated via the Application-Layer Protocol Negotiation (ALPN) extension of TLS
• Server Name Indication (SNI) required
• The Upgrade header for pl​aintext (h2c) is specified but not implemented by browsers

Slide 28

Slide 28 text

RFC 7540 on TLS: TLS 1.2 or higher required (=> TLS 1.3 once available)
Server Name Indication (SNI) must be supported
With TLS 1.2:
• (TLS) compression disabled
• Renegotiation disabled
• Minimum key sizes for ephemeral key exchange (2048-bit DHE, 224-bit ECDHE)
• Blacklisted cipher suites (RFC 7540 Appendix A); a server must offer at least one ECDHE AEAD suite, e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Slide 29

Slide 29 text

H2 frame header (9 octets, RFC 7540 section 4.1): Length (24) | Type (8) | Flags (8) | R (1) | Stream Identifier (31), followed by the payload (at most SETTINGS_MAX_FRAME_SIZE, default 16384 octets)

Slide 30

Slide 30 text

H2 frame types
0x0 DATA (payload, as the body in HTTP/1.1)
0x1 HEADERS (HPACK-compressed HTTP headers)
0x2 PRIORITY (tell the peer which streams to prioritize)
0x3 RST_STREAM (terminate a stream)
0x4 SETTINGS: one MUST be sent at the beginning (empty payload for ACK); per connection
0x5 PUSH_PROMISE (server reserves a stream for a pushed response)
0x6 PING (should be answered with priority!)
0x7 GOAWAY (shut down the connection)
0x8 WINDOW_UPDATE (flow control of DATA frames, per stream or per connection)
0x9 CONTINUATION (more of the 0x1 HEADERS block)

Slide 31

Slide 31 text

Settings (SETTINGS frame parameters)
SETTINGS_HEADER_TABLE_SIZE (0x1)
SETTINGS_ENABLE_PUSH (0x2)
SETTINGS_MAX_CONCURRENT_STREAMS (0x3)
SETTINGS_INITIAL_WINDOW_SIZE (0x4)
SETTINGS_MAX_FRAME_SIZE (0x5)
SETTINGS_MAX_HEADER_LIST_SIZE (0x6)
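
To make the frame header, the frame types and the SETTINGS parameters of the last three slides concrete, here is an added example (not code from the talk) that builds and parses the start of an HTTP/2 connection: the client preface, a SETTINGS frame and a WINDOW_UPDATE. The parser enforces the checks RFC 7540 requires before a server may act on a SETTINGS frame (stream 0 only, payload a multiple of 6 octets, empty payload on ACK, ENABLE_PUSH 0 or 1, window size and frame size within bounds) and rejects frames larger than SETTINGS_MAX_FRAME_SIZE. The byte stream in demo() is constructed, not captured.

```python
"""HTTP/2 frame header and SETTINGS handling (RFC 7540 sections 4.1, 6.5, 6.9). Added
example, not code from the talk; the byte stream in demo() is constructed."""
import struct

CLIENT_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
FRAME_TYPES = {0x0: "DATA", 0x1: "HEADERS", 0x2: "PRIORITY", 0x3: "RST_STREAM",
               0x4: "SETTINGS", 0x5: "PUSH_PROMISE", 0x6: "PING", 0x7: "GOAWAY",
               0x8: "WINDOW_UPDATE", 0x9: "CONTINUATION"}
SETTINGS_NAMES = {0x1: "SETTINGS_HEADER_TABLE_SIZE", 0x2: "SETTINGS_ENABLE_PUSH",
                  0x3: "SETTINGS_MAX_CONCURRENT_STREAMS", 0x4: "SETTINGS_INITIAL_WINDOW_SIZE",
                  0x5: "SETTINGS_MAX_FRAME_SIZE", 0x6: "SETTINGS_MAX_HEADER_LIST_SIZE"}
FLAG_ACK = 0x1
DEFAULT_MAX_FRAME_SIZE = 1 << 14


class FrameError(ValueError):
    """Message names the RFC 7540 error code a real peer would send in GOAWAY/RST_STREAM."""


def build_frame(ftype, flags, stream_id, payload=b""):
    # 9-octet header: Length (24) | Type (8) | Flags (8) | R (1) + Stream Identifier (31)
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload)


def build_settings(pairs, ack=False):
    payload = b"".join(struct.pack("!HI", ident, value) for ident, value in pairs)
    return build_frame(0x4, FLAG_ACK if ack else 0, 0, payload)


def parse_frame(buf, pos, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Parse one frame at buf[pos:]; returns (frame dict, position of the next frame)."""
    if len(buf) - pos < 9:
        raise FrameError("truncated frame header")
    length = int.from_bytes(buf[pos:pos + 3], "big")
    ftype, flags = buf[pos + 3], buf[pos + 4]
    stream_id = struct.unpack("!I", buf[pos + 5:pos + 9])[0] & 0x7FFFFFFF  # R bit ignored
    if length > max_frame_size:
        raise FrameError("FRAME_SIZE_ERROR: %d > SETTINGS_MAX_FRAME_SIZE" % length)
    payload = buf[pos + 9:pos + 9 + length]
    if len(payload) != length:
        raise FrameError("truncated frame payload")
    frame = {"type": FRAME_TYPES.get(ftype, "UNKNOWN_0x%x" % ftype),
             "flags": flags, "stream_id": stream_id, "payload": payload}
    return frame, pos + 9 + length


def parse_settings(frame):
    """Validate a SETTINGS frame the way a peer must before applying it."""
    if frame["stream_id"] != 0:
        raise FrameError("PROTOCOL_ERROR: SETTINGS on stream %d" % frame["stream_id"])
    payload = frame["payload"]
    if frame["flags"] & FLAG_ACK:
        if payload:
            raise FrameError("FRAME_SIZE_ERROR: SETTINGS ACK with payload")
        return {}
    if len(payload) % 6:
        raise FrameError("FRAME_SIZE_ERROR: SETTINGS length %d" % len(payload))
    settings = {}
    for off in range(0, len(payload), 6):
        ident, value = struct.unpack("!HI", payload[off:off + 6])
        if ident == 0x2 and value not in (0, 1):
            raise FrameError("PROTOCOL_ERROR: SETTINGS_ENABLE_PUSH=%d" % value)
        if ident == 0x4 and value > 0x7FFFFFFF:
            raise FrameError("FLOW_CONTROL_ERROR: initial window %d" % value)
        if ident == 0x5 and not (1 << 14) <= value <= (1 << 24) - 1:
            raise FrameError("PROTOCOL_ERROR: SETTINGS_MAX_FRAME_SIZE=%d" % value)
        if ident in SETTINGS_NAMES:  # unknown identifiers MUST be ignored, not rejected
            settings[SETTINGS_NAMES[ident]] = value
    return settings


def read_client_preface(buf):
    """Connection start: the magic string, then a SETTINGS frame (which may be empty)."""
    if not buf.startswith(CLIENT_PREFACE):
        raise FrameError("PROTOCOL_ERROR: missing connection preface")
    frame, pos = parse_frame(buf, len(CLIENT_PREFACE))
    if frame["type"] != "SETTINGS":
        raise FrameError("PROTOCOL_ERROR: first frame was %s" % frame["type"])
    return parse_settings(frame), pos


def demo():
    """Constructed client bytes: preface, SETTINGS, WINDOW_UPDATE; then an invalid SETTINGS."""
    stream = (CLIENT_PREFACE
              + build_settings([(0x2, 0), (0x3, 100), (0x4, 1 << 20)])
              + build_frame(0x8, 0, 0, struct.pack("!I", 1 << 20)))
    settings, pos = read_client_preface(stream)
    frame, pos = parse_frame(stream, pos)
    increment = struct.unpack("!I", frame["payload"])[0] & 0x7FFFFFFF
    try:
        parse_settings(parse_frame(build_settings([(0x2, 2)]), 0)[0])
        rejected = False
    except FrameError:
        rejected = True
    return settings, frame["type"], increment, rejected


if __name__ == "__main__":
    print(demo())
```

Two details matter when you write this for real: the length field is 24 bits but the peer is only allowed to send what your SETTINGS_MAX_FRAME_SIZE permits, so check the length before allocating; and a SETTINGS frame on any stream other than 0, or with a payload that is not a multiple of 6, is a connection error, not something to skip over.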

Slide 32

Slide 32 text

Pseudo headers
• Start with ":" (0x3a)
• Clearly defined set per message type
Request:
• :method
• :scheme
• :authority (host & port, no userinfo)
• :path
Response:
• :status

Slide 33

Slide 33 text

Header compression: HPACK (RFC 7541)
Designed for
• security (CRIME & BREACH attacks)
• fast & cheap de-/encoding
• receiver control over the compression context
• proxy re-indexing
• quick comparisons of Huffman-encoded strings
• references into a static & a dynamic table
• ordering of headers preserved
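
The pseudo headers and the HPACK design points of these two slides are easiest to see in a working codec, so here is an added example (not code from the talk) that implements RFC 7541 without Huffman coding: the integer representation, string literals, the 61-entry static table, a per-connection dynamic table with eviction, and the three literal representations. Encoding the header lists of RFC 7541 Appendix C.3 with it reproduces the RFC's byte sequences. The NEVER_INDEX set is a policy chosen for this example: values of cookie, set-cookie and authorization are emitted as "literal never indexed", so they never enter the compression context that a CRIME/BREACH-style attacker would probe, and proxies re-encoding the headers must keep them that way.

```python
"""Minimal HPACK (RFC 7541) codec, no Huffman. Added illustration, not code from the talk."""
from collections import deque

# RFC 7541 Appendix A static table, entries written as name or name=value, in index order.
STATIC_TABLE = [tuple(e.split("=", 1)) if "=" in e else (e, "") for e in (
    ":authority :method=GET :method=POST :path=/ :path=/index.html :scheme=http :scheme=https "
    ":status=200 :status=204 :status=206 :status=304 :status=400 :status=404 :status=500 "
    "accept-charset accept-encoding accept-language accept-ranges accept "
    "access-control-allow-origin age allow authorization cache-control content-disposition "
    "content-encoding content-language content-length content-location content-range "
    "content-type cookie date etag expect expires from host if-match if-modified-since "
    "if-none-match if-range if-unmodified-since last-modified link location max-forwards "
    "proxy-authenticate proxy-authorization range referer refresh retry-after server set-cookie "
    "strict-transport-security transfer-encoding user-agent vary via www-authenticate").split()]
STATIC_TABLE[15] = ("accept-encoding", "gzip, deflate")  # the one entry whose value has a space
assert len(STATIC_TABLE) == 61
# Example policy: secret-bearing values stay out of the shared compression context (CRIME/BREACH).
NEVER_INDEX = {"authorization", "cookie", "set-cookie"}

def encode_int(value, prefix_bits, flags=0):  # RFC 7541 5.1 integer representation
    limit = (1 << prefix_bits) - 1
    if value < limit:
        return bytes([flags | value])
    out, value = bytearray([flags | limit]), value - limit
    while value >= 128:  # 7-bit continuation bytes, least significant group first
        out.append(value % 128 + 128)
        value //= 128
    return bytes(out) + bytes([value])

def decode_int(data, pos, prefix_bits):
    limit = (1 << prefix_bits) - 1
    value, pos, shift = data[pos] & limit, pos + 1, 0
    while value >= limit and (shift == 0 or data[pos - 1] & 0x80):  # prefix full: read more
        value += (data[pos] & 0x7F) << shift
        shift, pos = shift + 7, pos + 1
    return value, pos

def encode_str(s):  # H bit clear: 7-bit-prefixed length, then raw octets
    return encode_int(len(s), 7) + s.encode("ascii")
def decode_str(data, pos):
    if data[pos] & 0x80:
        raise NotImplementedError("Huffman literal: a full decoder needs the RFC 7541 code table")
    n, pos = decode_int(data, pos, 7)
    return data[pos:pos + n].decode("ascii"), pos + n

class Table:  # static table plus one connection's dynamic FIFO; index 62 = newest dynamic entry
    def __init__(self, max_size=4096):  # default SETTINGS_HEADER_TABLE_SIZE
        self.max_size, self.size, self.dynamic = max_size, 0, deque()
    def add(self, name, value):
        self.dynamic.appendleft((name, value))
        self.size += len(name) + len(value) + 32  # RFC 7541 4.1 entry size
        self.evict()
    def evict(self):  # drop oldest entries until the table fits; also run after a size update
        while self.size > self.max_size:
            n, v = self.dynamic.pop()
            self.size -= len(n) + len(v) + 32
    def get(self, index):
        entries = STATIC_TABLE + list(self.dynamic)
        if not 1 <= index <= len(entries):
            raise ValueError("COMPRESSION_ERROR: index %d" % index)
        return entries[index - 1]
    def find(self, name, value):  # (index, True) on full match, (index, False) on name-only
        hits = [i for i, e in enumerate(STATIC_TABLE + list(self.dynamic), 1) if e[0] == name]
        exact = [i for i in hits if self.get(i)[1] == value]
        return (exact[0], True) if exact else (hits[0] if hits else None, False)

def encode(table, headers):
    out = bytearray()
    for name, value in headers:
        index, exact = table.find(name, value)
        if exact:
            out += encode_int(index, 7, 0x80)       # indexed header field
            continue
        if name in NEVER_INDEX:
            out += encode_int(index or 0, 4, 0x10)  # literal never indexed (proxies keep it so)
        else:
            out += encode_int(index or 0, 6, 0x40)  # literal with incremental indexing
            table.add(name, value)
        out += (b"" if index else encode_str(name)) + encode_str(value)
    return bytes(out)

def decode(table, data):
    headers, pos = [], 0
    while pos < len(data):
        b = data[pos]
        if b & 0x80:                                # indexed header field
            index, pos = decode_int(data, pos, 7)
            headers.append(table.get(index))
        elif b & 0xE0 == 0x20:                      # dynamic table size update
            table.max_size, pos = decode_int(data, pos, 5)
            table.evict()
        else:                                       # literal: 01 = add to table, 0000/0001 = do not
            prefix = 6 if b & 0xC0 == 0x40 else 4
            index, pos = decode_int(data, pos, prefix)
            name, pos = (table.get(index)[0], pos) if index else decode_str(data, pos)
            value, pos = decode_str(data, pos)
            if prefix == 6:
                table.add(name, value)
            headers.append((name, value))
    return headers
```

Usage: create one Table per direction per connection and feed consecutive header lists through encode(); the first GET to www.example.com with the four request pseudo headers costs 20 octets, the same request with a cache-control header 14, because :authority is now a single byte referencing the dynamic table. A cookie, by contrast, costs its full literal length every time, which is the price of keeping it out of the table.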

Slide 34

Slide 34 text

Non-idempotent request retry: via GOAWAY (last stream id) or RST_STREAM with REFUSED_STREAM the server can tell the client that a request was never processed. It is safe to retry these requests, even non-idempotent ones.

Slide 35

Slide 35 text

Server push promises
• Same as a normal response
• Must be cacheable
• It is not possible to push a response to a request that includes a request body (only request headers are carried in the PUSH_PROMISE)
• Servers can become intelligent! (CASPER in h2o)
• Client can control or disable it (SETTINGS_ENABLE_PUSH)
https://h2o.examp1e.net/configure/http2_directives.html
https://webtide.com/http2-push-with-experimental-servlet-api/

Slide 36

Slide 36 text

Flow control
• Connection-level window (a simple integer)
• Every stream also has its own window
• Window: how many octets of DATA the sender is permitted to transmit
• 0x8 WINDOW_UPDATE frame: "you may send N more bytes"
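
The two-level window is where H2 flow control surprises people: a stream can have plenty of window left and still be stuck because the connection window is empty, and a SETTINGS_INITIAL_WINDOW_SIZE change shifts every open stream's window, possibly below zero. The following added example (not code from the talk) keeps the sender-side books for one connection; stream ids, body sizes and the WINDOW_UPDATE values in demo() are made up.

```python
"""Sender-side HTTP/2 flow-control bookkeeping (RFC 7540 section 6.9). Added example, not
code from the talk; stream ids and body sizes in demo() are made up."""
DEFAULT_WINDOW = 65535            # initial size of the connection window and every stream window
MAX_WINDOW = (1 << 31) - 1        # a window may never exceed this (FLOW_CONTROL_ERROR)


class FlowControlError(Exception):
    pass


class Sender:
    def __init__(self, max_frame_size=16384):
        self.conn_window = DEFAULT_WINDOW      # connection window: only WINDOW_UPDATE changes it
        self.initial_window = DEFAULT_WINDOW   # per-stream default, set via SETTINGS
        self.max_frame_size = max_frame_size   # peer's SETTINGS_MAX_FRAME_SIZE
        self.streams = {}                      # stream id -> {"window": int, "pending": int}

    def open_stream(self, stream_id, body_len):
        self.streams[stream_id] = {"window": self.initial_window, "pending": body_len}

    def send_data(self):
        """Emit DATA frames round-robin until every stream is blocked; returns [(id, size)]."""
        frames, progress = [], True
        while progress:
            progress = False
            for sid, st in self.streams.items():
                # A DATA frame may not exceed the stream window, the connection window or the
                # peer's max frame size; the smallest of the three wins.
                size = min(st["pending"], st["window"], self.conn_window, self.max_frame_size)
                if size <= 0:
                    continue
                frames.append((sid, size))
                st["pending"] -= size
                st["window"] -= size
                self.conn_window -= size
                progress = True
        return frames

    def window_update(self, stream_id, increment):
        """Apply a WINDOW_UPDATE from the peer; stream id 0 addresses the connection window."""
        if not 1 <= increment <= MAX_WINDOW:
            raise FlowControlError("PROTOCOL_ERROR: increment %d" % increment)
        if stream_id == 0:
            if self.conn_window + increment > MAX_WINDOW:
                raise FlowControlError("FLOW_CONTROL_ERROR: connection window overflow")
            self.conn_window += increment
        else:
            st = self.streams[stream_id]
            if st["window"] + increment > MAX_WINDOW:
                raise FlowControlError("FLOW_CONTROL_ERROR: stream %d window overflow" % stream_id)
            st["window"] += increment

    def apply_initial_window(self, new_initial):
        """SETTINGS_INITIAL_WINDOW_SIZE moves every open stream's window by the delta (6.9.2)."""
        delta = new_initial - self.initial_window
        self.initial_window = new_initial
        for st in self.streams.values():
            st["window"] += delta              # may go negative; that stream then waits


def demo():
    s = Sender()
    s.open_stream(1, 100_000)   # say, index.html
    s.open_stream(3, 100_000)   # say, a pushed stylesheet
    first = s.send_data()       # stops once the 65535-byte connection window is spent
    s.window_update(0, 65535)   # peer drained its buffer and reopens the connection window
    second = s.send_data()
    windows = {sid: st["window"] for sid, st in s.streams.items()}
    return sum(n for _, n in first), sum(n for _, n in second), s.conn_window, windows


if __name__ == "__main__":
    print(demo())
```

With two 100 kB streams the first pass sends exactly 65535 bytes (the connection window), even though each stream still has window left; after one connection-level update the second pass sends another 65535 and now both stream windows are also at zero, so a further update on stream 0 alone would not unblock anything. Receivers that forget to send stream-level updates produce exactly this stall.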

Slide 37

Slide 37 text

Typical H2 flow (simplified)
Client: GET /index.html
1. Server, stream 1: HTTP headers for index.html
2. Server: PUSH_PROMISE for each asset in index.html
3. Server: HTTP headers for each of the assets
Server: DATA frames for stream 1 (highest priority)
Server: other DATA frames with their respective priority

Slide 38

Slide 38 text

Impact on API design
HTTP/2 API calls become as cheap as binary RPC calls!
Prediction: most future APIs will use H2
You get API clients for free (e.g. curl!)
Example, SQL: the header compression table can be used in creative ways: store SQL prepared statements in a header and transfer only the variables!

Slide 39

Slide 39 text

Step 1: enable
1. Check your SSL config
2. Enable it in your load balancer
3. Profit!

Slide 40

Slide 40 text

[Chart: http/2.0 behind the h2o web server vs. http/1.1, measured in Frankfurt]

Slide 41

Slide 41 text

Step 2: make it shine
• "Remove" domain sharding (e.g. via alt names in your cert + CNAME, so the shards coalesce onto one connection)
• Remove your asset pipeline (and think about caching)
• Remove all inlining
• Add preconnect hints in your application server *
• Pimp your H2 server (prioritization, server push etc.)
• Innovate & find new patterns
* Add a Link: HTTP header that refers to the assets to load. Enables CASPER (cache-aware server push): https://h2o.examp1e.net/configure/http2_directives.html#http2-casper

Slide 42

Slide 42 text

What comes after H2?
QUIC: https://en.wikipedia.org/wiki/QUIC
Multiplexed, encrypted connections over UDP, with 0 RTT as the goal

Slide 43

Slide 43 text

Thank you! [email protected] @yawniek

Slide 44

Slide 44 text

I can haz websockets again?
- Polling is cheap again!
- Push promises to the rescue:
  - Save bandwidth by polling your local cache!
  - On event: push a cache invalidation
- OR: EventSource API http://caniuse.com/#feat=eventsource

Slide 45

Slide 45 text

Upgrade path
- Add H2, measure the remaining HTTP/1.1 traffic
- Remove the asset pipeline, add resource hints & go fully H2
- Loop the remaining HTTP/1.1 traffic through a special proxy
- Start optimizing for H2