Learn about Centmin Mod LEMP Stack today
Become a Member

Cloudflare Cloudflare's QUIC and HTTP/3

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Kuro, Sep 6, 2019.

  1. Kuro

    Kuro Member

    80
    10
    8
    Feb 8, 2018
    Ratings:
    +17
    Local Time:
    8:22 PM
    1.15.10
    10.3
    I just received an email from Cloudflare.
    Basically, the browser still displays as the H2 protocol.
    (Pro plan) :D

    upload_2019-9-6_19-56-20.png
    upload_2019-9-6_19-51-1.png
     
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    11:22 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Sweet thanks for the heads up :D :cool:
     
  3. negative

    negative Active Member

    380
    45
    28
    Apr 11, 2015
    Ratings:
    +88
    Local Time:
    3:22 PM
    1.9.10
    10.1.11
    I'm still at waitlist even i join the waitlist for a long time :( Hope it will be perfect for websites.
     
    • Agree Agree x 1
  4. BamaStangGuy

    BamaStangGuy Premium Member Premium Member

    637
    187
    43
    May 25, 2014
    Ratings:
    +258
    Local Time:
    7:22 AM
    • Like Like x 1
  5. negative

    negative Active Member

    380
    45
    28
    Apr 11, 2015
    Ratings:
    +88
    Local Time:
    3:22 PM
    1.9.10
    10.1.11
    They activated for me too and I've enabled.

    But i see the protocol is still same like H2
    Why i can't see the my page calls as quic on protocol tab at the console ?

    (google and its products like analytics codes looks quic already)
     
  6. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    11:22 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    HTTP/3 QUIC support is client dependent. So you web browser needs to support it too. Right now only Google Chrome Canary 78+ supports gQUIC google's version of QUIC and not same as Cloudflare's HTTP/3 over QUIC with is using IETF draft not Google's gQUIC it via optional flag
    Code:
    --enable-quic --quic-version=h3-23
    Other clients like curl have experimental support in curl 7.66+ dev versions if you build with HTTP/3 support for testing your site.

    I built my own custom curl 7.67 dev binary with Cloudflare Quiche (QUIC library) with HTTP/3 h3-23 draft + BoringSSL to enable support for HTTP/3 h3-23 IETF testing against Cloudflare's HTTP/3 QUIC enabled sites :)

    Code (Text):
    curl-http3 -V
    curl 7.67.0-DEV (x86_64-pc-linux-gnu) libcurl/7.67.0-DEV BoringSSL zlib/1.2.11 brotli/1.0.7 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 quiche/0.1.0-alpha4
    Release-Date: [unreleased]
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
    Features: alt-svc AsynchDNS brotli HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB PSL SSL UnixSockets
    

    curl tests against some HTTP/3 QUIC h3-23 draft enabled sites where you notice key indicators for HTTP/3 QUIC

    the draft version the curl client sent request for
    Code (Text):
    Sent QUIC client Initial, ALPN: h3-23
    

    and
    Code (Text):
    HTTP/3 200

    cloudflare-quic.com
    Code (Text):
    curl-http3 --http3 -4Iv https://cloudflare-quic.com
    *   Trying 104.20.106.50:443...
    * Sent QUIC client Initial, ALPN: h3-23
    * h3 [:method: HEAD]
    * h3 [:path: /]
    * h3 [:scheme: https]
    * h3 [:authority: cloudflare-quic.com]
    * h3 [user-agent: curl/7.67.0-DEV]
    * h3 [accept: */*]
    * Using HTTP/3 Stream ID: 0 (easy handle 0x55ee98c45e60)
    > HEAD / HTTP/3
    > Host: cloudflare-quic.com
    > user-agent: curl/7.67.0-DEV
    > accept: */*
    >
    < HTTP/3 200
    HTTP/3 200
    < date: Thu, 26 Sep 2019 01:47:35 GMT
    date: Thu, 26 Sep 2019 01:47:35 GMT
    < content-type: text/html
    content-type: text/html
    < content-length: 106072
    content-length: 106072
    * Added cookie __cfduid="d3d016fd2063af06f1f06e7b9f774e1fd1569462455" for domain cloudflare-quic.com, path /, expire 1600998455
    < set-cookie: __cfduid=d3d016fd2063af06f1f06e7b9f774e1fd1569462455; expires=Fri, 25-Sep-20 01:47:35 GMT; path=/; domain=.cloudflare-quic.com; HttpOnly; Secure
    set-cookie: __cfduid=d3d016fd2063af06f1f06e7b9f774e1fd1569462455; expires=Fri, 25-Sep-20 01:47:35 GMT; path=/; domain=.cloudflare-quic.com; HttpOnly; Secure
    < alt-svc: h3-23=":443"; ma=86400
    alt-svc: h3-23=":443"; ma=86400
    < expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    < server: cloudflare
    server: cloudflare
    < cf-ray: 51c1921aeadcc5f0-EWR
    cf-ray: 51c1921aeadcc5f0-EWR
    * Connection #0 to host cloudflare-quic.com left intact
    

    litespeedtech.com
    Code (Text):
    curl-http3 --http3 -4Iv https://www.litespeedtech.com
    *   Trying 52.55.120.73:443...
    * Sent QUIC client Initial, ALPN: h3-23
    * h3 [:method: HEAD]
    * h3 [:path: /]
    * h3 [:scheme: https]
    * h3 [:authority: www.litespeedtech.com]
    * h3 [user-agent: curl/7.67.0-DEV]
    * h3 [accept: */*]
    * Using HTTP/3 Stream ID: 0 (easy handle 0x560456499e60)
    > HEAD / HTTP/3
    > Host: www.litespeedtech.com
    > user-agent: curl/7.67.0-DEV
    > accept: */*
    >
    < HTTP/3 200
    HTTP/3 200
    < x-powered-by: PHP/7.3.5
    x-powered-by: PHP/7.3.5
    < x-logged-in: False
    x-logged-in: False
    < x-content-powered-by: K2 v2.7.1 (by JoomlaWorks)
    x-content-powered-by: K2 v2.7.1 (by JoomlaWorks)
    < content-type: text/html; charset=utf-8
    content-type: text/html; charset=utf-8
    < expires: Wed, 17 Aug 2005 00:00:00 GMT
    expires: Wed, 17 Aug 2005 00:00:00 GMT
    < last-modified: Wed, 25 Sep 2019 18:14:30 GMT
    last-modified: Wed, 25 Sep 2019 18:14:30 GMT
    < cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    < pragma: no-cache
    pragma: no-cache
    < etag: "5433628-1569435270;;;"
    etag: "5433628-1569435270;;;"
    < vary: Accept-Encoding
    vary: Accept-Encoding
    < x-lsadc-cache: hit
    x-lsadc-cache: hit
    < date: Thu, 26 Sep 2019 01:46:45 GMT
    date: Thu, 26 Sep 2019 01:46:45 GMT
    < server: LiteSpeed
    server: LiteSpeed
    < alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-23=":443"; ma=2592000
    alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-23=":443"; ma=2592000
    * Connection #0 to host www.litespeedtech.com left intact
    
     
  7. negative

    negative Active Member

    380
    45
    28
    Apr 11, 2015
    Ratings:
    +88
    Local Time:
    3:22 PM
    1.9.10
    10.1.11
    Oh so firstly i need built the curl on server side for support h3 quic.
    Actually i'm using chrome canary 79 but i didn't set that feature or it naturally supports, i don't understand.

    However, i'm confused about that. Currently i don't have ssl certificate on server side, i'm using professional dedicated certificate by cloudflare at this time. Is this h3 quic related with ssl on server side too ?
     
  8. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    11:22 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    If cloudflare activated HTTP/3 QUIC for your domain then you don't need to do anything if you're using cloudflare HTTPS/SSL.

    HTTP/3 QUIC is still in development so not final only drafts so no clients support it really for IETF QUIC version compared to Google's sites gQUIC version which Chrome supports. Basically, Cloudflare enabled it so customers are beta testers for the developing HTTP/3 QUIC standard. Majority of visitors and their client's (browsers) won't be connecting to Cloudflare HTTP/3 QUIC enabled sites but HTTP/2 for now.
     
  9. negative

    negative Active Member

    380
    45
    28
    Apr 11, 2015
    Ratings:
    +88
    Local Time:
    3:22 PM
    1.9.10
    10.1.11
    Yes but, why i can't see the http 3 quic enabled on chrome console ? protocol looks h2 still.

    I'm using cloudflare dedicated ssl
    professional plan
    http3 quic enabled
    google chrome canary 79
     
  10. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    11:22 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    • Chrome Canary with optional flags enable support for HTTP/3 Google's version of QUIC called gQUIC with h3-23 draft
    • But Cloudflare HTTP/3 over QUIC uses IETF version of QUIC with h3-23 draft but it's different from Google qUIC
    • Both client (browser) and web server (cloudflare) need to use same version of HTTP/3 QUIC which isn't happening during HTTP/3 QUIC development as everyone is developing IETF QUIC version but Google browser is doing their own gQUIC right now when in development. I believe when HTTP/3 QUIC final version is announced, Google probably will switch to support IETF QUIC I suspect.
    • So yes right now Cloudflare HTTP/3 QUIC IETF isn't much use for anyone unless you're developing or testing client support i.e. browsers, curl and other tools.
    QUIC - Wikipedia

     
  11. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    11:22 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    See The Road to QUIC

    Cloudflare (ngx_quic nginx module internally being developed) and I suspect Nginx 1.17 mainline web server are developing HTTP/3 over QUIC IETF version.
     
  12. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    11:22 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Ah another point at HTTP/3: the past, the present, and the future

    need to reload page a few times to get HTTP/3 too

    http2+quic/99 = HTTP/3
     
  13. negative

    negative Active Member

    380
    45
    28
    Apr 11, 2015
    Ratings:
    +88
    Local Time:
    3:22 PM
    1.9.10
    10.1.11
    I run the following command for add the h3 support my google chrome canary and my website now works on http/3 . I confirm it from DevTools of chrome.

    Code (Text):
    /Applications/Google\ Chrome\ Canary.app/Contents/MacOS/Google\ Chrome\ Canary --enable-quic --quic-version=h3-23
     
    Last edited: Sep 27, 2019
  14. rdan

    rdan Well-Known Member

    4,863
    1,160
    113
    May 25, 2014
    Ratings:
    +1,740
    Local Time:
    9:22 PM
    Mainline
    10.2
    I've tested my very small site with Cloudflare QUIC and HTTP/3 enabled.
    On Canary and Regular Chrome, and I don't see any speed improvement (with disable cache page load).
     
    • Agree Agree x 1
  15. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    11:22 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    make sure to test subsequent page loads which is where HTTP/3 has more benefit

    using webpagetest.org advance options for canary browser 5mbps test with scripted 5x runs of same cloudflare-quic.com test logging only webpagetest.org's 5th run metrics for with HTTP/3 enabled canary flags versus HTTP/2 without canary flags

    with HTTP/3



    where http2+quic/99 = HTTP/3 and slightly faster TTFB, First Contentful Paint, First Meaningful Paint, DOM Content Loaded time, And faster request start time and Load Time metrics

    wpt-5x-run-canary-http3-01.png

    with HTTP/2



    wpt-5x-run-canary-http2-01.png

    compared - close but cloudflare-quic.com probably optimised for both HTTP/2 and HTTP/3 is still maturing :)

    where http2+quic/99 = HTTP/3 and slightly faster TTFB, First Contentful Paint, First Meaningful Paint, DOM Content Loaded time, And faster request start time and Load Time metrics

    wpt-5x-run-canary-http2-vs-http3-01.png

    note not the best site to test though as cloudflare-quic.com has 8KB page and 1 request so benefits of HTTP/2 and HTTP/3 aren't really utilised.
     
    • Like Like x 1
  16. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    11:22 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Cloudflare HTTP/3 QUIC enabled on my new blog site https://servermanager.guide/ :D

    curl HTTP/3 QUIC request
    Code (Text):
    curl-http3 --http3 -4I https://servermanager.guide/
    HTTP/3 200
    date: Fri, 27 Sep 2019 15:15:07 GMT
    content-type: text/html; charset=UTF-8
    set-cookie: __cfduid=df90c486f8993d397409fd2ea750bc0251569597307; expires=Sat, 26-Sep-20 15:15:07 GMT; path=/; domain=.servermanager.guide; HttpOnly; Secure
    cf-cache-status: HIT
    cache-control: public, max-age=28800
    cf-ray: 51ce6e60fa3221f0-EWR
    age: 710
    expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    expires: Fri, 27 Sep 2019 23:15:07 GMT
    link: <https://servermanager.guide/wp-json/>; rel="https://api.w.org/"
    referrer-policy: strict-origin-when-cross-origin
    strict-transport-security: max-age=31536000; includeSubdomains;
    vary: Accept-Encoding
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-powered-by: centminmod
    x-xss-protection: 1; mode=block
    alt-svc: h3-23=":443"; ma=86400
    server: cloudflare
    

    curl HTTP/2 request
    Code (Text):
    curl-http3 --http2 -4I https://servermanager.guide/   
    HTTP/2 200 
    date: Fri, 27 Sep 2019 15:17:16 GMT
    content-type: text/html; charset=UTF-8
    set-cookie: __cfduid=df7e2fce3d968e24736c932fe883a7dab1569597436; expires=Sat, 26-Sep-20 15:17:16 GMT; path=/; domain=.servermanager.guide; HttpOnly; Secure
    cf-cache-status: HIT
    cache-control: public, max-age=28800
    cf-ray: 51ce718cd885e0ae-IAD
    age: 833
    expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    expires: Fri, 27 Sep 2019 23:17:16 GMT
    link: <https://servermanager.guide/wp-json/>; rel="https://api.w.org/"
    referrer-policy: strict-origin-when-cross-origin
    strict-transport-security: max-age=31536000; includeSubdomains;
    vary: Accept-Encoding
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-powered-by: centminmod
    x-xss-protection: 1; mode=block
    alt-svc: h3-23=":443"; ma=86400
    server: cloudflare
    
     
    • Like Like x 1
  17. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    11:22 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Litespeed folks created a HTTP/3 check site at HTTP3Check too which supports latest HTTP/3 h3-23 draft. Note if you server runs a newer HTTP/3 draft in future, http3check.net might not work until it also gets updated to support the newer draft i.e. HTTP/3 h3-24

    http3check.png
     
    • Informative Informative x 2
  18. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    11:22 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    • Winner Winner x 2
  19. steph40

    steph40 Member

    65
    13
    8
    Jan 28, 2019
    Ratings:
    +26
    Local Time:
    8:22 AM
    1.1.5
    mariadb 10
  20. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    11:22 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Probably not worth it right now beyond just curiosity testing as there's a huge amount of bug and security fixes between nginx 1.16.1 and 1.17.5 if you look at change log at https://nginx.org/en/CHANGES