WebPerf Google dropping SPDY in favor of HTTP 2

rdan · Sep 2, 2015

I have 50-60% mobile visitors.
And most of them use Android.
Built in android browser is not HTTP/2 capable, that's very bad.

eva2000 · Sep 2, 2015

RoldanLT said: ↑

I have 50-60% mobile visitors.
And most of them use Android.
Built in android browser is not HTTP/2 capable, that's very bad.
Click to expand...

Yeah that is a concern.. so you have double checked your Google Analytics stats for Android native browser usage ?

rdan · Sep 2, 2015

Last 30 days:

eva2000 · Sep 2, 2015

yeah 8.67% is quite a bit..

for centminmod.com Android browser is 0.5% with 6.28% mobile and 1.69% tablet based overall

for the forums Android browser is 0.24% with 3.84% mobile and 1.08% tablet based overall

eva2000 · Sep 2, 2015

caniuse can add geographical region stats too

Updated my Nginx HTTP/2 page with them

Asia has lowest compatibility rates for both SPDY and HTTP/2

eva2000 · Sep 9, 2015

Cloudflare playing with HTTP/2 Test all the things: IPv6, HTTP/2, SHA-2

Daniel Stenberg and HTTP/2 HTTP/2 – 115 days with the RFC | daniel.haxx.se

Servers
Server-side we see Apache’s mod_h2 module ship in a public release soon (possibly in a httpd version 2.4 series release), nginx has this alpha patch I’ve already mentioned andApache Traffic Server (ATS) has already shipped h2 support for a while and my friends tell me that 6.0 has fixed numerous of their initial bugs. IIS 10 for Windows 10 was released on July 29th 2015 and supports HTTP/2. H2O and nghttp2 have shipped HTTP/2 for a long time by now. I would say that the infrastructure offering is starting to look really good! Around the end of the year it’ll look even better than today.

Of course we’re still seeing HTTP/2 only deployed over HTTPS so HTTP/2 cannot currently get more popular than HTTPS is but there’s also no real reason for a site using HTTPS today to not provide HTTP/2 within the near future. I think there’s a real possibility that we go above 10% use already in 2015 and at least for browser traffic to HTTPS sites we should be able to that almost every single HTTPS site will go HTTP/2 during 2016.

The delayed start of letsencrypt has also delayed more and easier HTTPS adoption.
Click to expand...

for @RoldanLT and concerns over Android browser and HTTP/2

Still catching up
I’m waiting to see the intermediaries really catch up. Varnish, Squid and HAProxy I believe all are planning to support it to at least some extent, but I’ve not yet seen them release a version with HTTP/2 enabled.

I hear there’s still not a good HTTP/2 story on Android and its stock HTTP library, although you can in fact run libcurl HTTP/2 enabled even there, and I believe there are other stand-alone libs for Android that support HTTP/2 too, like OkHttp for example.
Click to expand...

eva2000 · Sep 11, 2015

nice reading

http2 explained

http2 concepts | http2 explained

eva2000 · Sep 11, 2015

HTTP/2 Will Break Your Security – Here’s How to Fix it | Radware Blog

Now that HTTP/2 is here and widely adopted by client browsers, many of the performance challenges that existed with HTTP1.1 are finally addressed and solved. But what about security?

While HTTP/2 provides a higher level of privacy by mandating (de-facto because of browser implementation) traffic encryption, security solutions such as Web Application Firewalls (WAFs) are not keeping pace with the HTTP/2 evolution. No WAF today can provide protection against application level attacks launched overt the HTTP/2 protocol stack, potentially leaving HTTP/2 based web applications vulnerable.
Customers that use a WAF to protect their applications and want to benefit from the performance enhancements that come with HTTP/2, need to first find out if their WAF supports the new HTTP/2 protocol or not. Chances are that it doesn’t…

If the WAF you use does not support HTTP/2, many web application level attacks could pass under its radar undetected if HTTP/2 is used to communicate with the server.
Click to expand...

Cr0w · Oct 6, 2015

http 2 speed and latency : HTTP/2: the Future of the Internet | Akamai
http 1.1 speed and latency : HTTP/2: the Future of the Internet | Akamai

why its taking so long for loading that image ? http1 is faster for loading ?

JarylW · Oct 7, 2015

Cr0w said: ↑

http 2 speed and latency : HTTP/2: the Future of the Internet | Akamai
http 1.1 speed and latency : HTTP/2: the Future of the Internet | Akamai

why its taking so long for loading that image ? http1 is faster for loading ?
Click to expand...

Not for me.
HTTP/2
Latency: 5ms
Load time: 3.99s

HTTP/1.1
Latency: 50ms
Load time: 6.42s

I have object storage with akamai through a 3rd party but sadly no http2 or even ssl

eva2000 · Oct 7, 2015

Cr0w said: ↑

http 2 speed and latency : HTTP/2: the Future of the Internet | Akamai
http 1.1 speed and latency : HTTP/2: the Future of the Internet | Akamai

why its taking so long for loading that image ? http1 is faster for loading ?
Click to expand...

it's a CDN so loaded images are geographically dependent on visitor's location, so it could be connection between you and their cdn location was slow for some reason
@RoldanLT had or has same problem with that test

eva2000 · Oct 30, 2015

7 Tips for Faster HTTP/2 Performance - NGINX

eva2000 · Feb 14, 2016

May 2016 is SPDY end date Chromium Blog: Transitioning from SPDY to HTTP/2

Last year we announced our intent to end support for the experimental protocol SPDY in favor of the standardized version, HTTP/2. HTTP/2 is the next-generation protocol for transferring information on the web, improving upon HTTP/1.1 with more features leading to better performance. Since then we've seen huge adoption of HTTP/2 from both web servers and browsers, with most now supporting HTTP/2. Over 25% of resources in Chrome are currently served over HTTP/2, compared to less than 5% over SPDY. Based on such strong adoption, starting on May 15th — the anniversary of the HTTP/2 RFC — Chrome will no longer support SPDY. Servers that do not support HTTP/2 by that time will serve Chrome requests over HTTP/1.1, providing the exact same features to users without the enhanced performance of HTTP/2.

At the same time, Chrome will stop supporting the TLS protocol extension NPN, which allows servers to negotiate SPDY and HTTP/2 connections with clients. NPN has been superseded by the TLS extension ALPN, published by the IETF in 2014. ALPN is already used 99% of the time to negotiate HTTP/2 with Chrome, and the remaining servers can gain ALPN support by upgrading their SSL library.

We are looking forward to HTTP/2 continuing to gain adoption, bringing us an even faster web.
Click to expand...

Cr0w · Feb 24, 2016

i really want to see how this HTTP 2.0 working , i believe this thing is most important thing for the low internet connection speed countries . which is websites are using HTTP/2 protocol right now ? please give me the link of those websites
recently i buy an SSL Certificate and now i want to run my website on HTTP/2 .
Questions :
1.i bought an POSITIVE SSL , and i can't make my sub domains secure by SSL Encryption , so exactly i can't use the HTTP/2 On sub domain right ? so what should id do ?
note* : positive paid ssl : https:// domain.com . free ssl : https://community.domain.com
2. can i use free SSL for HTTP/2 , For example : Let's Encrypt - Free SSL/TLS Certificates , cloudflare.com , startssl.com, and more ...

Sunka · Feb 24, 2016

Cr0w said: ↑

which is websites are using HTTP/2 protocol right now
Click to expand...

Mine.
Pijani Tvor

eva2000 · Feb 25, 2016

Cr0w said: ↑

1.i bought an POSITIVE SSL , and i can't make my sub domains secure by SSL Encryption , so exactly i can't use the HTTP/2 On sub domain right ? so what should id do ?
Click to expand...

yes regular ssl certificates like positive ssl over cover main domain.com and www version of the domain. If you want to cover subdomain.domain.com you need a separate regular ssl certificate and use the subdomain.domain.com as the common name or use an ssl wildcard certificate which covers main domain and all *.domain.com subdomains. Centminmod.com uses SSL wildcard to cover over 100+ subdomains on *.centminmod.com

Cr0w said: ↑

2. can i use free SSL for HTTP/2 , For example : Let's Encrypt - Free SSL/TLS Certificates , cloudflare.com , startssl.com, and more ...
Click to expand...

Yes you can use Let's Encrypt - Centmin Mod will eventually have stable Letsencrypt integration and is currently being tested in separate experimental branch 123.09beta01le4 and Centmin Mod Nginx is already HTTP/2 by default. See Letsencrypt Free SSL Certificates and SSL - Centmin Mod Letsencrypt Branch testing discussions | Centmin Mod Community

Cloudflare can use free SSL with HTTP/2 support but you'd have to move your domain's dns over to them

rdan · Feb 25, 2016

The best option to have Free SSL / HTTPS / HTTP/2 either Cloudflare or LetsEncrypt .

eva2000 · Feb 25, 2016

RoldanLT said: ↑

The best option to have Free SSL / HTTPS / HTTP/2 either Cloudflare or LetsEncrypt .
Click to expand...

not entirely as free Cloudflare SSL is ECDSA based and winxp and other tools maybe not support it i.e. some lower versions of curl <7.36 unless you update it Wordpress - wp-cron SSL connect error with Cloudflare SSL ECDSA | Centmin Mod Community So may need paid version of Cloudflare plan so you can have wider compatibility based SSL certificate

and Let's encrypt SSL doesn't support WinXP either.

Cr0w · Mar 1, 2016

eva2000 said: ↑

not entirely as free Cloudflare SSL is ECDSA based and winxp and other tools maybe not support it i.e. some lower versions of curl <7.36 unless you update it Wordpress - wp-cron SSL connect error with Cloudflare SSL ECDSA | Centmin Mod Community So may need paid version of Cloudflare plan so you can have wider compatibility based SSL certificate

and Let's encrypt SSL doesn't support WinXP either.
Click to expand...

RIGHT , so simply you suggesting to use Lets encrypt for free SSL ?
I believe the Lets Encrypt is better than cloudflare

Sunka said: ↑

Mine.
Pijani Tvor
Click to expand...

cool , have you any problems with it ? why world still on 1.1 or spdy , is any famous websites exist for using HTTP/2

Sunka · Mar 2, 2016

Cr0w said: ↑

have you any problems with it ?
Click to expand...

Nop.

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

WebPerf Google dropping SPDY in favor of HTTP 2

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Cr0w Member

JarylW Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Cr0w Member

Sunka Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

Cr0w Member

Sunka Well-Known Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

WebPerf Google dropping SPDY in favor of HTTP 2

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Cr0w Member

JarylW Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Cr0w Member

Sunka Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

Cr0w Member

Sunka Well-Known Member

.