Understanding HTTP/3 and QUIC: History, Key Features, and Performance Improvements

On June 6, the IETF officially published the HTTP/3 RFC, the third major version of the Hypertext Transfer Protocol, with a detailed specification exceeding 20,000 words.

Historical timeline: 1991 – HTTP/1.1; 2009 – Google designs TCP‑based SPDY; 2013 – QUIC is introduced; 2015 – HTTP/2; 2018 – HTTP/3.

HTTP/3 runs over QUIC, which uses UDP to achieve high speed while preserving TLS security; the protocol is often described as HTTP over QUIC or simply HTTP/3 .

QUIC (Quick UDP Internet Connections) combines the advantages of TCP, TLS, and HTTP/2, providing a unified transport layer that can carry any application‑layer protocol such as HTTP, FTP, or IMAP.

0‑RTT Connection Establishment

Client sends an Inchoate Client Hello to request a connection.

Server generates parameters g, p, a, computes A, and returns them in a Rejection message.

Client generates b, computes B and the initial key K, encrypts HTTP data with K, and sends B and the encrypted data.

Server derives the same key, decrypts the data, updates its random values, and replies with a Server Hello and the HTTP response.

Because QUIC’s first connection requires only 1RTT and subsequent connections can use 0RTT , the client can include request data in the very first packet.

Connection Migration

Unlike TCP, which binds a connection to a four‑tuple (source IP, source port, destination IP, destination port), QUIC identifies a connection with a 64‑bit random Connection ID , allowing the connection to survive IP or port changes.

Head‑of‑Line Blocking

Both HTTP/1.1 and HTTP/2 suffer from head‑of‑line (HOL) blocking because they rely on TCP’s ordered delivery; a lost packet stalls all subsequent data. QUIC avoids this by using UDP packets as independent encryption units and by allowing out‑of‑order processing.

Congestion Control

QUIC re‑implements TCP’s Cubic algorithm but adds several enhancements: (1) hot‑plug congestion control that can be changed at the application layer; (2) Forward Error Correction (FEC) that adds redundancy to recover lost packets; (3) a strictly monotonic Packet Number that eliminates ambiguity between original and retransmitted packets; (4) ACK delay accounting for more accurate RTT measurement; and (5) up to 256 ACK blocks per ACK, reducing retransmissions on lossy links.

Flow Control

QUIC provides two levels of flow control. At the stream level, each stream has a receive window that shrinks as data arrives and grows when the receiver sends a WINDOW_UPDATE frame. At the connection level, the overall receive window equals the sum of all stream windows, ensuring the sender does not overwhelm the receiver.

Reference links: HTTP/3 Principles and Practice .