ÃÛÌÒTV

Announcements 03-05-2015

Welcome to the Web, HTTP/2

Ashley Call

With the IETF's recentÌýapproval of the HTTP/2 protocol, major browsers and technology experts are hyped about the benefits of a new and improved protocol. HTTP 1.0 has been around since 1999 and, like any sixteen year-old, it’s starting to act up. Although most Internet users are blaming Comcast when they have a slow connection, experts knowÌýthat the first HTTP protocol is outdatedÌýand needs to be replaced in order to improve Internet connectivity.ÌýEnter HTTP/2—a new protocol expected to improve not only the speed of the Internet but also improve Internet security.

HTTP/2 Brings Faster Internet

HTTP/2 will use much of the innovation that was included in Google's protocol SPDY (pronouncedÌýspeedy; pun intended). in order to contribute to HTTP/2, some of the major developments from SPDY will contribute to HTTP/2 and the speed of the new protocol.Ìý, Internet transfer speeds are expected to increaseÌýby more than 20% with HTTP/2. Some users say that even a 30% increase in speed is common. These increased transfer speeds are the result of several changes and improvements to the protocol.

1. HTTP/2Ìýimproves the speed of Internet transfers mainly by utilizing onlyÌýone connection between the browser and the server. This will significantly decrease the timeÌýof each Internet connection because browsers and servers will not have to create new connections every time a request is sent.

2. . Multiplexing will allow browsers to send multiple requests to the server at a time.ÌýOne of the main problems with HTTP 1.0—a problem that not even HTTP 1.1 could resolve—was the "head-of-line blocking" which only allowed a single request to be sent to a server at a time.

3. . Instead of theÌýbrowser-server exchange that existed with HTTP 1.0 (browser to server back to browser, etc.), server push will seek to avoid this back-and-forth by first providing the information the server needs. This will save time on each browser request.

Other notable changes that will improve Internet connection speeds areÌýHTTP/2ÌýbecomingÌýaÌýbinary protocol (instead of textual), and HTTP/2 usingÌýheader compression to reduce overhead.

HowÌýEncryption Fits into HTTP/2

Despite all improvements that HTTP/2 will do for Internet connection speed, the IETF Working Group has thus far neglected to require encryption for the new protocol. According toÌýthis statement by , "HTTP/2 doesn’t require you to use TLS (the standard form of SSL, the Web’s encryption layer), but its higher performance makes using encryption easier, since it reduces the impact on how fast your site seems." Yet, even with this prediction, major browsers such as Google Chrome and Mozilla Firefox have claimed that they will only support HTTP/2 with TLS.

Admins should note that while HTTP/2 does not yet require TLS,Ìýthere are new requirements for when TLS is in use. states that, "Implementations of HTTP/2 MUST use [TLS12] version 1.2 or higher for HTTP/2 over TLS." This requirement will improve the standard of Internet security and encourage admins to update their certificates to the highest TLS protocols.

Another important requirement for HTTP/2 over TLS is that "" SNI, alreadyÌýsupported by newer browsers, improves the efficiencyÌýof SSL Certificates to verify multiple domains.

While the hype for HTTP/2 is great and the promises of a better Internet even greater, the need for encryption shouldÌýstill be a top security priority for all Internet users. As browsers integrate the HTTP/2 protocol, site owners should continue to verify that their SSL Certificates are compliant with the new protocol, and site visitors should continue to trust only sites that are certified by a trusted Certificate Authority.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-27-2024

6 actionable ways to secure the IIoT at every stage

Tracking the progress toward post-quantum cryptography

The state of PQC since the publication of FIPS 203, 204 and 205