
Unlock Faster Web Performance: Master HTTP/2, TLS 1.3, ECC & Brotli on Nginx

This article explains the core features of HTTP/2, TLS 1.3, ECC and Brotli, and provides practical Nginx configuration steps—including binary framing, header compression, flow control, multiplexing, request priority, server push, and module compilation—to dramatically improve web latency and bandwidth efficiency.

Efficient Ops

HTTP/2

HTTP/2 (the second version of the Hypertext Transfer Protocol) is the first update since HTTP/1.1, derived from SPDY and standardized by the IETF httpbis working group.

Key features include:

Binary framing

Header compression (HPACK)

Flow control

Multiplexing

Request priority

Server push

Binary Framing

HTTP/2 inserts a binary framing layer between the application and transport layers, splitting all communication into frames, the smallest unit that carries a header, stream identifier, priority and payload.

Common frame types are:

DATA – carries HTTP message bodies

HEADERS – carries header fields

SETTINGS – negotiates configuration such as initial flow‑control window

WINDOW_UPDATE – adjusts flow‑control windows

PRIORITY – sets or updates stream priority

RST_STREAM – aborts a stream

PUSH_PROMISE – signals server‑initiated push

PING – measures round‑trip time

GOAWAY – tells the peer to stop creating new streams

Messages are composed of one or more frames; streams are virtual channels identified by odd (client‑initiated) or even (server‑initiated) IDs.
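
The frame layout described above can be checked mechanically. The following Python code is an added example, not code from the original article or from Nginx: it parses the 9-byte frame header defined in RFC 7540 (24-bit length, 8-bit type, 8-bit flags, one reserved bit plus a 31-bit stream ID) and rejects headers that break the size and stream-0 rules a receiver is expected to enforce. The function names and the sample frame are constructed for illustration.

```python
import struct

# Frame type codes from RFC 7540 section 6 (names match the list above).
FRAME_TYPES = {0x0: "DATA", 0x1: "HEADERS", 0x2: "PRIORITY", 0x3: "RST_STREAM",
               0x4: "SETTINGS", 0x5: "PUSH_PROMISE", 0x6: "PING", 0x7: "GOAWAY",
               0x8: "WINDOW_UPDATE", 0x9: "CONTINUATION"}
CONNECTION_ONLY = {"SETTINGS", "PING", "GOAWAY"}      # must use stream 0
STREAM_ONLY = {"DATA", "HEADERS", "PRIORITY", "RST_STREAM",
               "PUSH_PROMISE", "CONTINUATION"}        # must not use stream 0
FIXED_LENGTH = {"PRIORITY": 5, "RST_STREAM": 4, "PING": 8, "WINDOW_UPDATE": 4}
DEFAULT_MAX_FRAME_SIZE = 16384  # initial SETTINGS_MAX_FRAME_SIZE


def parse_frame_header(buf, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Parse and validate the 9-byte frame header at the start of buf."""
    if len(buf) < 9:
        raise ValueError("truncated frame header")
    hi, lo, ftype, flags, sid = struct.unpack(">BHBBI", buf[:9])
    length = (hi << 16) | lo           # 24-bit payload length
    sid &= 0x7FFFFFFF                  # top bit is reserved and ignored
    name = FRAME_TYPES.get(ftype, "UNKNOWN")
    if length > max_frame_size:
        raise ValueError("FRAME_SIZE_ERROR: %d > %d" % (length, max_frame_size))
    if name in CONNECTION_ONLY and sid != 0:
        raise ValueError("PROTOCOL_ERROR: %s on stream %d" % (name, sid))
    if name in STREAM_ONLY and sid == 0:
        raise ValueError("PROTOCOL_ERROR: %s on stream 0" % name)
    if name in FIXED_LENGTH and length != FIXED_LENGTH[name]:
        raise ValueError("FRAME_SIZE_ERROR: bad %s length %d" % (name, length))
    if name == "SETTINGS" and (length % 6 or (flags & 0x1 and length)):
        raise ValueError("FRAME_SIZE_ERROR: bad SETTINGS length %d" % length)
    if sid == 0:
        origin = "connection"
    else:
        origin = "client" if sid % 2 else "server"   # odd = client-initiated
    return {"type": name, "length": length, "flags": flags,
            "stream_id": sid, "initiator": origin}


def build_header(length, ftype, flags, sid):
    """Construct a sample frame header (used only to make test input)."""
    return struct.pack(">BHBBI", length >> 16, length & 0xFFFF, ftype, flags, sid)


if __name__ == "__main__":
    # Constructed sample: HEADERS frame, END_HEADERS flag set, client stream 1.
    print(parse_frame_header(build_header(32, 0x1, 0x4, 1)))
```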

Header Compression

HTTP/2 uses the HPACK compression table to store previously sent header name‑value pairs, eliminating the need to resend them on every request.

Flow Control

Flow control is per‑connection and per‑stream, based on WINDOW_UPDATE frames, and applies only to DATA frames.

Multiplexing

Multiple independent streams share a single TCP connection, allowing interleaved transmission of frames without the head‑of‑line blocking of HTTP/1.1.

Request Priority

Each stream can carry a 31‑bit priority value (0 = highest) that the server may use to order responses.

Server Push

The server can send PUSH_PROMISE frames followed by the promised resources (e.g., CSS, JS) before the client requests them.

TLS 1.3

TLS 1.3, standardized in RFC 8446, introduces a new key‑exchange mechanism (PSK), 0‑RTT data, removes legacy ciphers and hash algorithms, encrypts most handshake messages, and eliminates compression and renegotiation.

It reduces connection latency by one round‑trip compared with TLS 1.2.

ECC (Elliptic Curve Cryptography)

ECC provides comparable security to RSA with much shorter keys (e.g., 256‑bit ECC ≈ 3072‑bit RSA), resulting in lower CPU usage, smaller certificates and faster handshakes, which is especially beneficial for mobile devices.

Limitations: not all certificate types support ECC and some older browsers/devices lack ECC support.

Brotli Compression

Brotli is a lossless compression algorithm introduced by Google in 2015. Compared with Gzip, it offers 17‑25 % better performance on typical web assets and higher compression ratios even at low compression levels.

Support requires HTTPS and the ngx_brotli module to be compiled into Nginx.

Nginx Configuration Highlights

Enable HTTP/2:

listen 443 ssl http2;

Enable TLS 1.3 (requires OpenSSL 1.1.1 and Nginx 1.13+):

ssl_protocols TLSv1.3;
ssl_early_data on;  # enable 0-RTT; early data can be replayed, so check $ssl_early_data before acting on non-idempotent requests

Enable server push:

http2_push_preload on;

Enable Brotli:

load_module modules/ngx_http_brotli_filter_module.so;
brotli on;

These settings together improve latency, bandwidth usage and overall web performance.
