QUIC – WindowsTechs.com

Is the example in the QUIC spec for header encryption wrong, or have I missed something?

Posted on September 3, 2024 by whatitis

In the QUIC spec, they’ve provided an example of header protection:
https://datatracker.ietf.org/doc/html/rfc9001#name-sample-packet-protection
They’ve got the following process (paraphrasing):
hp = c206b8d9b9f0f37644430b490eeaa314
sample … Continue reading Is the example in the QUIC spec for header encryption wrong, or have I missed something?→

0-RTT Handshake key storage location for quic

Posted on January 23, 2024 by user303725

I’m studying the quic protocol. On the quic’s 0-RTT Handshake, I found out that if a client has ever connected, they authenticate to the server using the key obtained from the previous connection. So where is the key from the previous conn… Continue reading 0-RTT Handshake key storage location for quic→

Does HTTP/3 necessitate additional – beyond HTTP/2 via TLS1.3 – restrictions on client authentication (mTLS)?

Posted on July 9, 2023 by anx

A recent Nginx release allows me to set listen 443 quic; to enable HTTP/3. Neat. I had been using HTTP/2 with TLS1.3 before, so I did not expect that change much, just optimize round trips with otherwise matching security properties.
One m… Continue reading Does HTTP/3 necessitate additional – beyond HTTP/2 via TLS1.3 – restrictions on client authentication (mTLS)?→

SNI visible in HTTP/3, QUIC connection?

Posted on November 23, 2022 by zerogainer

Client Hello should be encrypted in HTTP/3 and QUIC, but in Wireshark I can still see SNI of the QUIC connection when using DoH.
The names should be encrypted inside the Handshake/CRYPTO packets.

is this expected? is ECH the only way tha… Continue reading SNI visible in HTTP/3, QUIC connection?→

How does QUIC provide delivery guarantee [migrated]

Posted on September 20, 2022 by Ghost Rider

I’m struggling to grasp how QUIC implements handshakes in contrast with 3 handshakes in TCP. I came across with this picture on wikipedia. As QUIC uses UDP, I don’t understand how the protocol ensures that a packet was delivered and a clie… Continue reading How does QUIC provide delivery guarantee [migrated]→

Chrome with QUIC enabled is making TLS connection to first Google search result

Posted on February 17, 2022 by Marco Marsala

When I search a site by its name on Google search engine, my Chrome browser pings the first search result, making a TLS connection.
For example, if I search "github" on Google, the first result displayed is obviously github.com, … Continue reading Chrome with QUIC enabled is making TLS connection to first Google search result→

HTTP/3 and QUIC: Past, Present, and Future

Posted on June 21, 2021 by Mike Bishop

You may have seen the announcements over the past two weeks — the IETF QUIC RFCs have been published! That leads to a lot of questions, depending on how closely you’ve followed this space. You might be wondering what this means to you, or you might th… Continue reading HTTP/3 and QUIC: Past, Present, and Future→

HTTP/3 and QUIC: Past, Present, and Future

Posted on June 21, 2021 by Mike Bishop

You may have seen the announcements over the past two weeks — the IETF QUIC RFCs have been published! That leads to a lot of questions, depending on how closely you’ve followed this space. You might be wondering what this means to you, or you might think QUIC has been an established thing for years now. And how does HTTP/3 fit into this? Is HTTP/3 another name for QUIC? Continue reading HTTP/3 and QUIC: Past, Present, and Future→

HTTP/3: Come for the speed, stay for the security

Posted on November 14, 2018 by Danny Bradbury

Key personnel at the Internet Engineering Task Force (IETF) have suggested basing the next version of a core web protocol on Google technology. Continue reading HTTP/3: Come for the speed, stay for the security→