HTTP/3 with QUIC & TLS 1.3

From Claude with some prompting
This image provides an overview of HTTP/3, highlighting its key features and components:

  1. 0-RTT with TLS 1.3 (Zero Round Trip Time):
    • Compares TLS 1.2 and 1.3 connection processes.
    • TLS 1.3 offers faster handshake, reducing latency.
  2. Multiplexing with no HOLB (Head-of-Line Blocking):
    • UDP-based, eliminating TCP’s 3-way handshake and TCP sequence numbers.
    • Uses frame exchange, structured as streams, messages, and frames.
  3. Reliable:
    • QUIC-based, ensuring reliable data transfer.
    • Uses Connection ID to maintain connections despite client IP or port changes.
    • Packet Number uniquely identifies each packet within a connection.
  4. Flow/Congestion Control:
    • Lists various frame types for traffic optimization.

The diagram emphasizes that HTTP/3 is UDP-based and utilizes the QUIC protocol to enhance connection reliability and efficiency. It illustrates core concepts such as frame-based data exchange and the use of Connection IDs.

The image also details the QUIC header structure, explains how packet ordering and loss handling work, and provides a comprehensive list of frame types used in HTTP/3.

Overall, this diagram effectively visualizes the improvements HTTP/3 brings over its predecessors in terms of speed, reliability, and efficiency in data transfer.
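The Connection ID and Packet Number points above are easiest to see on the wire. The following is an added example (not from the diagram or any project the page describes) that parses the cleartext part of a QUIC v1 long header and a short header, and reconstructs a full packet number from its truncated form using the algorithm in RFC 9000 Appendix A. The sample Initial packet bytes are constructed for illustration; only the fields up to the Length field are readable without keys, because the packet number is covered by header protection.

```python
"""Added example (not from the original page): parsing the unprotected part of
QUIC v1 packet headers and reconstructing full packet numbers, per RFC 9000.
The sample packet below is constructed, not captured."""
import struct

QUIC_VERSION_1 = 0x00000001
LONG_TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}


def decode_varint(buf: bytes, pos: int):
    """RFC 9000 s16: the top two bits of the first byte give the length (1/2/4/8)."""
    first = buf[pos]
    length = 1 << (first >> 6)
    value = first & 0x3F
    for i in range(1, length):
        value = (value << 8) | buf[pos + i]
    return value, pos + length


def parse_long_header(buf: bytes) -> dict:
    """Parse the cleartext fields of a long-header packet (Initial/Handshake/...).
    Everything up to and including Length is sent in the clear; the packet
    number that follows is under header protection and is NOT readable here."""
    first = buf[0]
    if not first & 0x80:
        raise ValueError("not a long header")
    if not first & 0x40:
        raise ValueError("fixed bit clear: not a QUIC v1 packet")
    version = struct.unpack_from("!I", buf, 1)[0]
    pos = 5
    dcid_len = buf[pos]; pos += 1
    dcid = buf[pos:pos + dcid_len]; pos += dcid_len
    scid_len = buf[pos]; pos += 1
    scid = buf[pos:pos + scid_len]; pos += scid_len
    hdr = {"type": LONG_TYPES[(first >> 4) & 0x3], "version": version,
           "dcid": dcid.hex(), "scid": scid.hex()}
    if version == 0:                      # Version Negotiation has no type bits
        hdr["type"] = "VersionNegotiation"
        return hdr
    if hdr["type"] == "Initial":          # Initial carries a (possibly empty) token
        token_len, pos = decode_varint(buf, pos)
        hdr["token"] = buf[pos:pos + token_len].hex(); pos += token_len
    if hdr["type"] != "Retry":            # Retry has no Length field
        hdr["length"], pos = decode_varint(buf, pos)
    hdr["protected_offset"] = pos         # protected packet number starts here
    return hdr


def parse_short_header(buf: bytes, dcid_len: int) -> dict:
    """1-RTT packets carry only the DCID, with no length byte: the receiver
    (or a middlebox tracking flows) must already know how long its CIDs are."""
    first = buf[0]
    if first & 0x80 or not first & 0x40:
        raise ValueError("not a QUIC v1 short header")
    return {"type": "1-RTT", "dcid": buf[1:1 + dcid_len].hex(),
            "protected_offset": 1 + dcid_len}


def decode_packet_number(largest_pn: int, truncated_pn: int, pn_nbits: int) -> int:
    """RFC 9000 Appendix A: choose the candidate closest to largest_pn + 1, so a
    1- to 4-byte truncated field still maps to a unique 62-bit packet number."""
    expected_pn = largest_pn + 1
    pn_win = 1 << pn_nbits
    pn_hwin = pn_win // 2
    pn_mask = pn_win - 1
    candidate_pn = (expected_pn & ~pn_mask) | truncated_pn
    if candidate_pn <= expected_pn - pn_hwin and candidate_pn < (1 << 62) - pn_win:
        return candidate_pn + pn_win
    if candidate_pn > expected_pn + pn_hwin and candidate_pn >= pn_win:
        return candidate_pn - pn_win
    return candidate_pn


# Constructed sample: a client Initial with an 8-byte DCID and a 4-byte SCID.
SAMPLE_INITIAL = (bytes([0xC3]) + struct.pack("!I", QUIC_VERSION_1)
                  + bytes([8]) + bytes.fromhex("1122334455667788")
                  + bytes([4]) + bytes.fromhex("0a0b0c0d")
                  + bytes([0x00])            # token length 0
                  + bytes.fromhex("453c")    # 2-byte varint: Length = 1340
                  + bytes(16))               # stand-in for protected pn + payload

if __name__ == "__main__":
    print(parse_long_header(SAMPLE_INITIAL))
    print(hex(decode_packet_number(0xA82F30EA, 0x9B32, 16)))   # 0xa82f9b32 (RFC 9000 example)
```

Two things the parser makes visible: the Connection IDs are the only stable flow identifier once a client migrates to a new IP or port, so flow tracking keyed on the UDP 5-tuple loses the connection while tracking keyed on the DCID does not; and the packet number, the field that sequences and detects loss, is not observable by a passive third party at all, because it sits under header protection.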

HTTP Changes

From Claude with some prompting
HTTP: HTTP/1.x uses text-based messages with a header and body structure. HTTP/1.1 introduced Keep-Alive for reusing TCP connections, but suffers from header overhead and Head-of-Line Blocking. Servers cannot push data without a client request.

HTTP/2: HTTP/2 introduced binary framing to improve performance. It enhances efficiency through header compression and multiplexing, and added server push functionality. It also strengthened authentication and encryption using TLS/SSL.

HTTP/3: HTTP/3 operates over the QUIC protocol using UDP instead of TCP. It includes TLS 1.3 by default and provides lower latency and improved multiplexing. HTTP/3 significantly enhances performance through 0-RTT connection establishment, elimination of TCP handshakes, and solving Head-of-Line Blocking issues. It also offers reliable data streams over UDP and ensures data ordering on each stream.
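The Head-of-Line Blocking difference between HTTP/2 over TCP and HTTP/3 over QUIC is clearer as a small model than as prose. The following is an added example (not from the page or any project it describes) that simulates three multiplexed streams, loses one packet, and computes when each stream's data becomes readable under TCP's single in-order byte stream versus QUIC's per-stream ordering. The send schedule and loss pattern are constructed for illustration.

```python
"""Added example (not from the original page): a model of head-of-line blocking.
Three streams share one connection; packet 2 is lost and retransmitted last."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    stream: int   # stream id
    offset: int   # byte offset of this chunk within its stream
    size: int


# Constructed send schedule (packet number -> frames it carried), not a capture.
PACKETS = {
    1: [Frame(1, 0, 100)],
    2: [Frame(2, 0, 100)],     # the packet we will "lose"
    3: [Frame(3, 0, 100)],
    4: [Frame(1, 100, 100)],
}


def arrival_order(lost):
    """Receiver-side arrival order: lost packets show up only after a retransmit."""
    return [p for p in sorted(PACKETS) if p not in lost] + sorted(lost)


def _finish_times(delivered):
    """Per stream, the arrival step at which its last byte became readable."""
    out = {}
    for (stream, _offset), t in delivered.items():
        out[stream] = max(out.get(stream, 0), t)
    return out


def tcp_completion(arrivals):
    """HTTP/2 over TCP: TCP offers one ordered byte stream, so bytes are released
    only once every earlier byte (from *any* stream) has arrived. A single lost
    segment therefore stalls all streams queued behind it."""
    arrived, delivered = set(), {}
    for t, p in enumerate(arrivals, start=1):
        arrived.add(p)
        for q in sorted(PACKETS):          # walk the byte stream in send order
            if q not in arrived:
                break                      # gap: nothing beyond it is readable yet
            for fr in PACKETS[q]:
                delivered.setdefault((fr.stream, fr.offset), t)
    return _finish_times(delivered)


def quic_completion(arrivals):
    """HTTP/3 over QUIC: ordering is enforced per stream (RFC 9000 s2.2). A
    STREAM frame is readable once the earlier offsets of *its own* stream have
    arrived, so a loss only delays the stream(s) carried in the lost packet."""
    delivered, pending = {}, []
    for t, p in enumerate(arrivals, start=1):
        pending.extend(PACKETS[p])
        progress = True
        while progress:                    # release frames whose predecessors are in
            progress = False
            for fr in list(pending):
                earlier = [f for pk in PACKETS.values() for f in pk
                           if f.stream == fr.stream and f.offset < fr.offset]
                if all((f.stream, f.offset) in delivered for f in earlier):
                    delivered[(fr.stream, fr.offset)] = t
                    pending.remove(fr)
                    progress = True
    return _finish_times(delivered)


if __name__ == "__main__":
    order = arrival_order({2})
    print("arrivals:", order)
    print("TCP  :", tcp_completion(order))    # every stream waits for packet 2
    print("QUIC :", quic_completion(order))   # only stream 2 waits
```

With packet 2 lost, the TCP model completes every stream at step 4 (the retransmit), while the QUIC model completes streams 3 and 1 at steps 2 and 3 and only stream 2 at step 4. With no loss the two models agree, which is the point: QUIC's gain appears exactly when packets are lost or reordered.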

Kernel Transport Layer Security

From Claude with some prompting
This image illustrates the concept and structure of KTLS (Kernel Transport Layer Security). KTLS implements the TLS record layer within the Linux kernel to improve performance and security.

  1. The core functionalities of TLS (encryption, authentication, integrity, anti-replay, and forward secrecy) are handled within the kernel.
  2. Applications for internet services (web browsing, email, messenger, etc.) run in user space and utilize the TLS functionality through the TLS library, while still using the same socket API.
  3. Data copying (Zero-Copy) between user space and kernel space is minimized, enhancing performance.
  4. With the TLS Record Layer operating inside the kernel, context switching to user space is reduced, improving security.
  5. Cryptographic acceleration features of CPUs, such as AES-NI and other encryption instruction extensions, are utilized to boost encryption operation performance.

In summary, by moving TLS processing to the kernel level, KTLS significantly improves both performance and security simultaneously.
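Point 2 above (same socket API, TLS library in user space) comes down to one socket-option sequence: the application, or its TLS library, finishes the handshake in user space and then hands the record-layer keys to the kernel. The following is an added example (not from the page or the kernel's own code) that builds the key-material structure the Linux kernel expects for TLS 1.2 AES-128-GCM and installs it on a connected TCP socket. The constant values and struct layout are taken from the Linux UAPI headers as the author of this example knows them; the key material is constructed for illustration and is not a real session's keys.

```python
"""Added example (not from the original page): enabling Linux kernel TLS (kTLS)
on a connected TCP socket. Constants follow linux/tcp.h, linux/socket.h and
linux/tls.h; the key material in __main__ is constructed, not real."""
import errno
import socket
import struct

# Values from the Linux UAPI headers; Python's socket module does not export them all.
TCP_ULP = getattr(socket, "TCP_ULP", 31)     # linux/tcp.h
SOL_TLS = 282                                # linux/socket.h
TLS_TX, TLS_RX = 1, 2                        # linux/tls.h
TLS_1_2_VERSION = 0x0303
TLS_1_3_VERSION = 0x0304
TLS_CIPHER_AES_GCM_128 = 51

# struct tls12_crypto_info_aes_gcm_128 from linux/tls.h:
#   __u16 version; __u16 cipher_type; u8 iv[8]; u8 key[16]; u8 salt[4]; u8 rec_seq[8];
_AES_GCM_128 = struct.Struct("=HH8s16s4s8s")   # 40 bytes, no padding


def build_aes_gcm_128_info(key, salt, iv, rec_seq, version=TLS_1_2_VERSION):
    """Serialise one direction's record-layer keys for the kernel. These are
    the traffic keys the user-space handshake derived; the handshake itself
    (certificates, key exchange, forward secrecy) never moves into the kernel."""
    for name, val, n in (("key", key, 16), ("salt", salt, 4),
                         ("iv", iv, 8), ("rec_seq", rec_seq, 8)):
        if len(val) != n:
            raise ValueError(f"{name} must be {n} bytes, got {len(val)}")
    return _AES_GCM_128.pack(version, TLS_CIPHER_AES_GCM_128, iv, key, salt, rec_seq)


def parse_aes_gcm_128_info(blob):
    """Inverse of build_aes_gcm_128_info, for checking what would be installed."""
    version, cipher, iv, key, salt, rec_seq = _AES_GCM_128.unpack(blob)
    return {"version": version, "cipher_type": cipher, "iv": iv,
            "key": key, "salt": salt, "rec_seq": rec_seq}


def enable_ktls(sock, tx_info=None, rx_info=None):
    """Attach the 'tls' upper-layer protocol to a connected TCP socket and
    install keys. From then on plain send()/recv() (and sendfile/splice) go
    through kernel-side record encryption; the socket API is unchanged."""
    sock.setsockopt(socket.IPPROTO_TCP, TCP_ULP, b"tls")
    if tx_info is not None:
        sock.setsockopt(SOL_TLS, TLS_TX, tx_info)
    if rx_info is not None:
        sock.setsockopt(SOL_TLS, TLS_RX, rx_info)


def ktls_status(err):
    """Best-effort explanation of an errno raised by enable_ktls."""
    if err == errno.ENOENT:
        return "tls kernel module not available (try: modprobe tls)"
    return f"kTLS setup failed with errno {err}"


if __name__ == "__main__":
    # Constructed key material. A real client takes these from its TLS library
    # after the handshake (OpenSSL 3 does this itself when SSL_OP_ENABLE_KTLS is set).
    info = build_aes_gcm_128_info(key=bytes(range(16)), salt=b"\x00\x01\x02\x03",
                                  iv=bytes(8), rec_seq=bytes(8))
    srv = socket.socket(); srv.bind(("127.0.0.1", 0)); srv.listen(1)
    cli = socket.create_connection(srv.getsockname())
    try:
        enable_ktls(cli, tx_info=info)
        print("kTLS TX enabled on the loopback socket")
    except OSError as e:
        print("kTLS not available here:", ktls_status(e.errno))
    finally:
        cli.close(); srv.close()
```

The security-relevant boundary is visible in the struct: what crosses into the kernel is the symmetric traffic key, its IV/salt and the current record sequence number, nothing else. Those keys now live in kernel memory rather than in the process heap, and `rec_seq` must continue exactly where the user-space record layer stopped, otherwise the peer's AEAD checks fail and the connection is torn down.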