HTTP/2, the next version of the Hyper Text Transfer Protocol – based on Google’s SPDY networking protocol – has been formally approved by the Internet Engineering Steering Group. As the latest and greatest, the new standard addresses many of the problems we’ve come to live with under HTTP/1.x. But don’t expect everyone to start jumping over immediately – HTTP/1.1 is going nowhere and will be with us for many years to come.
Development of HTTP/2
Work started in 2012 with the SPDY networking protocol being chosen as the basis for HTTP/2. SPDY (pronounced speedy) was developed by Google to addresses key performance issues with HTTP.
Development and standardisation of the new HTTP/2 protocol is the responsibility of the HTTP Working Group of the Internet Engineering Task Force (IETF). Now the IETF has finally signed off on HTTP/2, it is now headed for official publication as RFCs.
SPDY gained significant traction for its performance benefits over traditional HTTP – with Chrome, Firefox, Opera and even Internet Explorer eventually supporting the protocol. However, now HTTP/2 has been approved – Google, Mozilla and Microsoft have announced they will be removing support for SPDY in future versions of their browsers – with Google confirming it will strip out support in Chrome by early 2016.
In September 2012, a significant vulnerability was found with the use of gzip for header compression when used inside of encryption. This was, at the time, the proposed standard way to compress header information with SPDY/2, since it is a simple and very efficient way to achieve compression.
Resulting from the discoveries, the Working Group has created a second standard for HTTP/2 called ‘HPACK’, which allows us to compress HTTP headers. Suffice to say, HTTP/2 works equally on non-secure connections too – HPACK was created so we can securely take advantage of header compression.
What’s new in HTTP/2?
First and most importantly: the methods, status codes and semantics are the same as HTTP/1.1, so no changes are needed to web applications unless you want to take advantage of the new performance benefits it offers. The major changes are largely performance-oriented.
Any web developer will know the painstaking work it takes to reduce the number of network requests a client needs to make to fully render a web page. This is because HTTP requests are expensive and take up valuable time. What’s more, browsers have to examine each response and make subsequent requests when it needs multiple files to fully complete the rendering of a web page. It sounds tiring, doesn’t it? Surely there is a better solution in sight, right?
Finally, HTTP/2 will allow servers to push content even if the client does not request it at the time. For example, if a client is requesting an HTML document from the server and the document relies on a stylesheet for its appearance, we can supply the stylesheet with the original request – saving time by avoiding the browser making another request for the stylesheet later on.
What’s more, HTTP/2 is fully multiplexed, meaning multiple request and response messages can be transmitted on a single connection at the same time. And if a prior request is still outstanding, it won’t hold up other requests that can be processed quicker by the server (e.g., requests for dynamic content will take longer than serving up static resources).
Another important difference is all requests and responses over HTTP/2 are in binary rather than plaintext, so we will no longer be able to dissect HTTP messages through Telnet. Luckily, there are tools out there to help fill the void – such as the Wireshark plugin.
Google has announced it will be rolling out support for HTTP/2 in an update to Chrome 40 over the next couple of weeks, with Firefox 36 (due next week) supporting drafts 14 and 15. It won’t be until after Firefox 38 we see it supporting the proposed standard approved by the Internet Engineering Steering Group. Subsequently, Chrome will likely be the first browser to bring full support for HTTP/2. No surprise there.
Internet Explorer 11 does indeed support HTTP/2 – albeit draft 14 – but only on Windows 10 Technical Preview. Microsoft’s new ‘Project Spartan’ web browser will include support. However, there is currently no word from Microsoft as to whether support will be offered for Internet Explorer on older versions of Windows (e.g. Windows 8.1).