The evergreen web work horse protocol, HyperText Transfer Protocol, or HTTP, has been updated officially in May 2015. Since then, many browsers and servers support it and more and more web sites start trying HTTP2.
Although HTTP/2 is better than HTTP/1.x, not every sites will benefit from it. This post gives a simple and rough test for the HTTP/2 performance vs. HTTP only and HTTPS in my own site.
What’s the key features in HTTP/2?
- binary payload, rather than text, making it more compact and efficient for transport.
- a single TCP connection per domain for multiplexing, rather than multiple connection for each request.
- header is compressed.
- TLS/SSL is required, making it secured.
Test a site with many mixed resources(mostly images) with nearly 357 requests, 25MB made.
Note cache is disabled and close then open a new incognito chrome for each test. The nginx server config is fairly simple:
./configure --with-http_ssl_module --with-openssl=../openssl-1.1.0e --with-http_v2_module
Where HTTP has nothing configured, HTTP2 has all while https sits in between.
Here is the nginx SSL/TLS configuration section, which grabbed from the Mozilla SSL Configuration Generator.
listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate ssl_certificate /etc/letsencrypt/live/xiaolongtongxue.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xiaolongtongxue.com/privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits ssl_dhparam /etc/ssl/certs/dhparam.pem; # modern configuration. tweak to your needs. ssl_protocols TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Strict-Transport-Security max-age=15768000; # OCSP Stapling --- # fetch OCSP records from URL in ssl_certificate and cache them ssl_stapling on; ssl_stapling_verify on; ## verify chain of trust of OCSP response using Root CA and Intermediate certs ssl_trusted_certificate /etc/letsencrypt/live/xiaolongtongxue.com/chain.pem; resolver 188.8.131.52 184.108.40.206 valid=86400; resolver_timeout 10;
The connection ID can help identify the TCP connection. We can see that at most 5 or 6 connection per one page request.
The waterfall column tells us that the request firing has the timing order.
There is almost no difference with HTTP except that the time is larger than HTTP. More specifically, the very first connections, e.g., first 3 connection ID timing are much larger then HTTP. Take the HTML document request for example, is 288ms vs. 639ms. HTTP connection establishment needs only the classic three-way-handshake(usually one RTT), while the HTTPS goes further, which does complex TLS handshake(usually two RTTs).
Although the https encryption/decryption needs time, the impact of network delay dominates the performance, however.
Only one connection, wow, it’s outstanding. Look at the waterfall, the request firing is almost at same time(after DOM being loaded).
The initial DOM request is also faster than HTTPS does.
Summary test on a usual latency(100ms) network
We can see that HTTP is faster than HTTPS, the newcomer, HTTP/2 is the worst in performance, however.
In short, some sites may not benefit from HTTP2.
- My rough tests method may be wrong since I do not dig into the protocol but hit the ground.
- HTTPS/HTTP2 needs time to do the TLS handshake while HTTP doesn’t have to pay.
- Much of the payloads are image data which are binary compressed already, where http2 doesn’t gain any advantages.
- Only one TCP connection, it may results a single point failure(I am not sure, but I bet the designer must be bound to consider it)?
- Network environment is complicated, different network should have different performance.
For a more accurate testing, we need to analytics the networking. I’m learning Wireshark recently and it’s a great network protocol analyzer! When ready, this post would be fulfilled.
Thanks for reading.