0

From watching HTTPS everywhere on YouTube they suggest that HTTPS and SPDY combined will be quicker than just serving web pages/assets over HTTP but then since reading SPDY is Dead. Long Live HTTP/2 and what with with HTTP2 support being a way off I am in two minds as to whether to move a large site I'm working on to HTTPS entirely as ultimately it will be slower since doing perf comparison tests (the DOM content loaded took twice the time to load). I also just read somewhere that browsers are dropping support for SPDY.

What is the state of SPDY and should I just wait until HTTP2 until I advocate moving everything to HTTPS everywhere? Should I accept the performance hit?

dsign
  • 12,340
  • 6
  • 59
  • 82
alexrogers
  • 1,514
  • 1
  • 16
  • 27

1 Answers1

2

SPDY is definitely dying, now that HTTP/2 is an official specification.

Firefox and Chrome already support HTTP/2, and servers start to deploy it instead of SPDY - Google, Twitter, etc. Internet Explorer support will arrive soon with IE 11.

HTTP/2 is definitely gaining momentum, and the future will be on HTTP/2 and TLS.

You should not wait for HTTP/2, because it's already here.

About the performance hit, the usual recommendation is to benchmark, but there is evidence that HTTP/2 over TLS is much better than HTTP/1.1 over TLS, and possibly comparable - if not better - than cleartext HTTP/1.1, depending on the case.

Reasons behind this are a number of optimizations performed by HTTP/2 such as multiplexing, header compression and resource push, that are simply not possible with HTTP/1.1.

See for example the demo video (disclaimer, I am a Jetty committer) we gave in 2012 (about Jetty and SPDY at that time, but HTTP/2 behaves the same), or the Go language HTTP/2 demo, or the Akamai HTTP/2 demo.

With Jetty, for example, you can deploy Java webapps on HTTP/2, but also complete PHP websites on HTTP/2. Our own website, https://webtide.com, is WordPress served by Jetty on HTTP/2.

You can move to TLS and HTTP/2 now.

Community
  • 1
  • 1
sbordet
  • 16,856
  • 1
  • 50
  • 45
  • Thanks! Do you have any more info on Internet Explorer support will arrive soon with IE 11, any refs? I assume HTTP2 needs to be enabled on the server? The site is on apache and squid. – alexrogers May 21 '15 at 10:10
  • Further, are there any risks? Are there any vulnerabilities like what SPDY had (when used in conjunction with GZIP)? And I would assume it is completely backwards compatible not to break the web, so there is no harm in updating? – alexrogers May 21 '15 at 10:18
  • HTTP/2 does not have the same issues that SPDY had using GZIP to compress headers, so you're safe there. HTTP/2 is indeed backward compatible, so you won't notice (if you are accessing Google servers - GMail, YouTube, etc. you are already using HTTP/2 and I bet you did not notice). You can read about IE and HTTP/2 [here](http://blogs.msdn.com/b/ie/archive/2014/10/08/http-2-the-long-awaited-sequel.aspx). As for apache and squid, you have to check with those project what is their current status with respect to HTTP/2. – sbordet May 21 '15 at 14:17