Debian Curl Now Supports HTTP3: What You Need To Know

Great news for Debian users! Curl now boasts HTTP/3 support, starting with version 8.0.0-2. This upgrade significantly boosts curl's performance and efficiency in web communication.

Table of Contents

- Using HTTP/3 with Curl in Debian

• HTTP/3 Availability Across Debian Versions
• Addressing Implementation Challenges
• Deployment Process and Steps
• Maintaining System Stability
• Summary

Using HTTP/3 with Curl in Debian

Testing this new feature is simple, using the --http3-only flag:

curl --http3-only https://example.com

For containerized testing with Podman:

podman run debian:unstable apt update -y && apt install -y curl && curl --http3-only https://example.com

Note: The apt update command is included for clarity; this is necessary for the upgrade and installation. This isn't yet available in the stable release.

HTTP/3 Availability Across Debian Versions

HTTP/3 support is being rolled out across Debian versions:

• Debian Unstable: Available since July 2, 2024.
• Debian Testing: Expected mid-July 2024 (pending any issues).
• Debian 12 (bookworm) Backports: Available once the package reaches Debian Testing.
• Debian 12 (bookworm): Not in the standard repository due to Debian's stability focus, but accessible via backports.
• Debian Derivatives: Rolling releases will receive it upon its arrival in Debian Testing. Stable derivatives will include it in their next major release.

Addressing Implementation Challenges

HTTP/3's relative newness presented challenges:

1. OpenSSL Limitations: OpenSSL's incomplete HTTP/3 support and the widespread use of OpenSSL in curl packages made switching TLS backends risky.
2. Performance Concerns: OpenSSL's HTTP/3 performance in version 3.3 was suboptimal.
3. nginx Compatibility: While nginx supports HTTP/3 via OpenSSL, it recommends alternative SSL libraries (BoringSSL, LibreSSL, or QuicTLS) for enhanced QUIC support.

Debian's solution involved leveraging GnuTLS, which recently gained robust HTTP/3 support via ngtcp2 and nghttp3.

Deployment Process and Steps

Debian's curl package traditionally includes both OpenSSL and GnuTLS libcurl variants. The GnuTLS variant already supports HTTP/3.

Key Steps:

1. Dependency Fulfillment: Ensuring all dependencies met minimum requirements.
2. Enabling GnuTLS HTTP/3: Activating HTTP/3 support within the GnuTLS libcurl version.
3. TLS Backend Transition: Switching the curl CLI's TLS backend from OpenSSL to GnuTLS.

This involved nghttp3 updates (necessitating a SONAME bump) and compatibility checks. Once dependencies were ready, enabling HTTP/3 was straightforward.

Maintaining System Stability

To prevent disruptions:

1. No Immediate Stable Release Push: The update won't be included in current stable releases; it will be in the next stable release (13/trixie).
2. Risk Assessment: A thorough evaluation of potential functionality loss due to the OpenSSL backend shift. The primary concern was the experimental Encrypted Client Hello (ECH), unsupported by standard OpenSSL.
3. Comprehensive CI Testing: CI tests for all curl-dependent packages were run to identify and address potential breakages. Results were compared against the pre-change OpenSSL curl CLI.

Deployment to Debian Testing is anticipated within a few days (approximately 5 days), pending any issues. Resolution of any problems before migration is expected to take under a month.

Summary

HTTP/3 integration in Debian's curl is a major advancement, enhancing performance and aligning with current web standards. Debian developers carefully managed this complex upgrade to maintain stability and reliability for all users.

Resources:

• Debian's curl now supports HTTP/3

The above is the detailed content of Debian Curl Now Supports HTTP3: What You Need To Know. For more information, please follow other related articles on the PHP Chinese website!