Join the community today
Register Now

WebPerf Google dropping SPDY in favor of HTTP 2

Discussion in 'All Internet & Web Performance News' started by jeffwidman, Feb 10, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  2. BamaStangGuy

    BamaStangGuy Premium Member Premium Member

    635
    185
    43
    May 25, 2014
    Ratings:
    +255
    Local Time:
    10:33 PM
    I am frustrated at this push to secure everything by Google while at the same time advertising networks are not supporting that trend.
     
    • Agree Agree x 1
  3. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Yeah wonder what are the top factors preventing ad networks and advertisers from going https / SSL compliant. You don't need to redirect all http traffic to https - just have the ads capable of being served from both http and https.

    More HTTP/2 info HTTP/2: The future of the Web demystified | InfoWorld :)

     
  4. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  5. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Web Performance: The Status of HTTP/2 (H2) - Ma... | Akamai

     
  6. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Firefox 37 and Opportunistic Encryption = TLS over http non-encrypted connections via SPDY/3.1 or Alt-Svc: h2 headers ("alternative services") Bits Up!: Opportunistic Encryption For Firefox

    From draft-ietf-httpbis-alt-svc-04 - HTTP Alternative Services

     
    Last edited: Mar 29, 2015
  7. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Using Firefox 38 developer edition to test out Opportunistic Encryption over clear text http on Centmin Mod's Nginx server on port 82 with Alt-Svc: h2=":8081" header set to pass unauthenticated encryption over TLS via my h2o HTTP/2 server setup on port 8081. Checking Firefox 38's developer tools network headers you can clearly see http connections being passed and served via h2 protocol = HTTP/2 :)

    One thing I am not clear on in the article at Bits Up!: Opportunistic Encryption For Firefox is whether this means a total end to mixed content warnings in browsers that support Opportunistic Encryption ?? Will it be okay to have http and https mixed if http uses Opportunistic Encryption to pass the data over encrypted SPDY/3.1 or HTTP/2 server with Alt-Svc:h2 or SPDY/3.1 headers ?

    Edit: Patrick McManus from Firefox himself clarified OE and mixed content warnings. OE doesn't help with mixed content warnings.

    firefox38dev_oe_nginx82_h2o8081_01.png

    over curl client the Alt-Svc:h2 header is seen but not used as curl doesn't support Opportunistic Encryption. Firefox 37+ will though. Hoping Chrome and other major browsers support it too :)

    Code:
    curl -I http://h2ohttp2.centminmod.com:82/flags.html
    HTTP/1.1 200 OK
    Date: Sun, 29 Mar 2015 00:52:36 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 63207
    Last-Modified: Sat, 28 Mar 2015 04:51:44 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "55163360-f6e7"
    Server: nginx centminmod
    Expires: Sun, 29 Mar 2015 01:07:36 GMT
    Cache-Control: max-age=900
    Cache-Control: public, must-revalidate, proxy-revalidate
    Alt-Svc: h2=":8081"
    Accept-Ranges: bytes
    edit: looks like mixed content warnings still exist right now with Firefox 38 developer edition and Nginx http 82 passing data to h2o HTTP/2 TLS server on port 8081 despite the single flag on port 82 show as secured over HTTP/2 = h2 protocol by Firefox

    firefox38dev_oe_mixed_content_nginx82_h2o8081_00.png

    firefox38dev_oe_mixed_content_nginx82_h2o8081_01.png
     
    Last edited: Mar 30, 2015
    • Informative Informative x 2
  8. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  9. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    More on Firefox new version and Opportunistic Encryption New Firefox version says “might as well” to encrypting all Web traffic | Ars Technica

     
  10. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Looks like Firefox disabled Opportunistic Encryption in 37.01 Mozilla Firefox 37.0.1 Out Now, Disables HTTP/2 AltSvc and Fixes Bugs - Softpedia

    flaw Certificate verification bypass through the HTTP/2 Alt-Svc header — Mozilla

     
    Last edited: Apr 6, 2015
  11. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    hmm Nginx's own road map has HTTP/2 due in 13 months in 1.9 mainline Roadmap – nginx ? with Nginx 1.8.x due in 2 weeks time.

     
  12. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Last edited: Jun 1, 2015
    • Informative Informative x 1
  13. rdan

    rdan Well-Known Member

    4,856
    1,160
    113
    May 25, 2014
    Ratings:
    +1,740
    Local Time:
    12:33 PM
    Mainline
    10.2
    Sadly not with 1.9.2 Roadmap – nginx

    Milestone: 1.9.2
    Due in 6 days (Jun 16, 2015 6:00:00 PM)
    Status: scheduled

    Trunk: mainline
    stream modules addons
    OSCP stapling fix
    config dump
     
  14. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    guess they're thoroughly testing HTTP/2 for nginx first :)
     
  15. rdan

    rdan Well-Known Member

    4,856
    1,160
    113
    May 25, 2014
    Ratings:
    +1,740
    Local Time:
    12:33 PM
    Mainline
    10.2
    Haha not trying to be like OLS :D
     
    • Like Like x 1
  16. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    • Informative Informative x 1
  17. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    • Like Like x 1
  18. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    • Like Like x 1
  19. rdan

    rdan Well-Known Member

    4,856
    1,160
    113
    May 25, 2014
    Ratings:
    +1,740
    Local Time:
    12:33 PM
    Mainline
    10.2
    • Informative Informative x 1
  20. eva2000

    eva2000 Administrator Staff Member

    43,042
    9,772
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,087
    Local Time:
    2:33 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Ah indeed if browser compatibility is an issue

    upload_2015-9-2_14-29-3.png

    upload_2015-9-2_14-29-48.png