HTTP/3 may still be in the draft state but that isn’t stopping software from adding support for it. As a Gentoo developer, I decided to maintain Gentoo’s reputation for not being one to shy away from the bleeding edge by adding (optional) support for HTTP/3 to cURL. I believe that this makes Gentoo the first Linux distribution to ship support for this new protocol outside of the Firefox and Chrome/Chromium browsers.
cURL is a command line tool as well as a library (libcurl) that is used by a wide variety of software. It’s commonly used by applications written in PHP, it’s used by the Kodi media center, and it’s at least an optional dependency of everything from git to systemd to cmake and dovecot. By adding support for HTTP/3 to cURL, potentially everything that uses cURL will also instantly start supporting HTTP/3.
cURL added HTTP/3 support in version 7.66.0. Rather than writing the entirety of a large, complex, and evolving HTTP/3 protocol implementation again (and having to maintain that forever), cURL instead leverages libraries. The two options it currently supports for this purpose are quiche and the combination of ngtcp2 and nghttp3.
Quiche is an HTTP/3 implementation first released by Cloudflare in January 2019. Since Cloudflare is using it to add support for HTTP/3 to its entire CDN (Content Distribution Network), they’re actively developing it and keeping track of the latest changes being made in the HTTP/3 drafts. Quiche uses Google’s BoringSSL for cryptography, which allows it to evolve faster, not having to wait for OpenSSL to implement features. It’s written in Rust, which is great for security and maintainability. However, being written in Rust is also a problem, as that means quiche is only available on platforms that Rust supports (amd64, arm64, ppc64, and x86), which is a much reduced subset of what cURL and the C language support (which is pretty much everything).
ngtcp2 (which implements IETF QUIC, the protocol underlying HTTP/3) and nghttp3 (which implements the higher level HTTP/3 protocol) together form an HTTP/3 implementation. They are closely modeled on nghttp2, which is already used by cURL as well as the Apache web server (httpd). Therefore, they’re easier for existing software to use. They are written in C using standard build tools, making them highly portable and able to run on essentially any architecture. ngtcp2 uses OpenSSL, but the changes necessary for HTTP/3 support are not yet available in OpenSSL. This situation is also preventing HTTP/3 support from being available in other software that uses OpenSSL, including Node.js (see nodejs issue). Therefore, for the moment, in order to use ngtcp2, a patched version of OpenSSL must also be used. That isn’t a tenable solution for a Linux distribution such as Gentoo for a variety of reasons, including maintainability and security concerns involved with carrying a non-upstream version of such a critical package as OpenSSL. In the meantime, I’ve included the net-libs/ngtcp2 and net-libs/nghttp3 packages in Gentoo but masked them; that way, when OpenSSL is updated, the packages are ready and can simply be unmasked.
To enable HTTP/3 support in Gentoo, add the quiche USE flag to the net-misc/curl package and re-emerge curl:
echo "net-misc/curl quiche" >> /etc/portage/package.use
emerge -1 net-misc/curl
After that, use the curl command’s new --http3 argument when making HTTPS requests. See the cURL documentation for more information.
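To confirm that the rebuilt curl really carries HTTP/3 and that a request actually negotiated it, the script below is an added example, not part of the original post. The two `curl --version` samples are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): check that the rebuilt curl has HTTP/3.

# Constructed `curl --version` samples, used to exercise the parsers offline.
SAMPLE_QUICHE='curl 7.66.0 (x86_64-pc-linux-gnu) libcurl/7.66.0 zlib/1.2.11 quiche/0.1.0
Protocols: http https
Features: AsynchDNS HTTP2 HTTP3 IPv6 SSL libz'
SAMPLE_PLAIN='curl 7.66.0 (x86_64-pc-linux-gnu) libcurl/7.66.0 zlib/1.2.11 nghttp2/1.39.2
Protocols: http https
Features: AsynchDNS HTTP2 IPv6 SSL libz'

# Reads `curl --version` text on stdin; succeeds if Features lists HTTP3.
has_http3_feature() {
    grep '^Features:' | tr ' ' '\n' | grep -qx 'HTTP3'
}

# Reads `curl --version` text on stdin; prints the HTTP/3 library named on
# the first line (quiche/... or ngtcp2/...), or fails if there is none.
http3_backend() {
    head -n 1 | tr ' ' '\n' | grep -E '^(quiche|ngtcp2)/' | head -n 1 | grep .
}

# True only when curl's %{http_version} write-out value is "3".
is_http3() {
    [ "$1" = "3" ]
}

# Live check: needs network access and an HTTP/3-capable server at $1.
check_url() {
    ver=$(curl --version) || return 1
    if ! printf '%s\n' "$ver" | has_http3_feature; then
        echo "curl has no HTTP3 feature; is the quiche USE flag set?" >&2
        return 1
    fi
    echo "HTTP/3 backend: $(printf '%s\n' "$ver" | http3_backend)"
    got=$(curl --http3 -sS -o /dev/null -w '%{http_version}' "$1") || return 1
    if is_http3 "$got"; then
        echo "negotiated HTTP/3 with $1"
    else
        echo "request used HTTP/$got, not HTTP/3" >&2
        return 1
    fi
}

# Run the live check only when a URL is passed on the command line.
if [ "$#" -gt 0 ]; then
    check_url "$1"
fi
```

Run it with the URL of a server known to offer HTTP/3; with no argument it only defines the functions.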