Google Chrome Drops support for NPN Protocol, used for HTTP/2
 Google Chrome Drops support for NPN Protocol, used for HTTP/2
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...
May 27, 2016 Comments closed

Google Chrome Drops support for NPN Protocol, used for HTTP/2

in Industry Lowdown

Google’s popular Chrome browser will no longer support a technical protocol used for initiating HTTP/2 connections.

By removing this protocol, named “NPN” (Next Protocol Negotiation), some servers will no longer be able to support HTTP/2, which is a large upgrade to the technology that browsers use to communicate with websites.

This change took place on May 25th, 2016, with the release of Chrome 51 to the Stable Channel.

The Importance of Negotiation

When a client and server first connect they “negotiate” in order to exchange necessary information about each other and share their technical capabilities. When attempting to make an HTTP/2 connection, there were two options available for negotiation: NPN and APLN (Application-Layer Protocol Negotiation).

APLN is the successor to NPN. The specific differences between the two protocols are not important unless you are a network engineer (if you are interested in learning more about how they work and what they do, Key CDN has a great article). The important thing to know is that APLN, being the newer protocol, is not as widely supported by web server software as NPN is.

Therefore, by removing support for NPN, Google Chrome is restricting HTTP/2 negotiation to servers that support ALPN. We love HTTP/2 because it provides huge performance benefits that can more than double the speed of your site (when compared to HTTP/1.1) and requires SSL/TLS to be used. So losing HTTP/2 capabilities is not good!

Notably, many Linux distributions, including recent/current versions of CentOS, Debian, and Ubuntu, do not have ALPN support. This is because they are using an older version of OpenSSL, the library that provides the capability.

In most cases, a manual upgrade of OpenSSL will allow you to gain ALPN support and start using HTTP/2. However, some server admins may not have the ability, time, or access, to do so. Until they do, web servers that don’t support ALPN are stuck with HTTP/1.1.

A Controversial Change

Some have said this decision is extremely premature and will slow the transition from HTTP/1.1 to HTTP/2, while providing little benefit.

In defense of the decision, Ilya Grigorik, a web performance engineer at Google, said that “the number of NPN negotiations we see today is nearly negligible.” Specifically, Google’s metrics show that less than 1% of handshakes use NPN to negotiate.

In addition to the removal of NPN, Google Chrome 51 will be removing SPDY, Google’s experimental protocol. While HTTP/2 was still being finalized, Google created SPDY as an intermediate upgrade over HTTP/1.1. Now that HTTP/2 is finalized and has been implemented in many browsers and servers, Google thinks it is time to say goodbye to SPDY.

The deprecation of NPN, combined with the removal of SPDY will certainly lead to a bit of a setback in the adoption of modern web protocols. However, given the size and scale of HTTP/2 migration, this will probably be nothing more than a small blip in a long transition.

Author

Vincent Lynch

The SSL Store’s encryption expert makes even the most complex topics approachable and relatable.

Recent Posts

Follow Us

Free Ebooks

eBook
Email Spoofing Defense 101 (A 5-Step Guide)

Download Now

eBook
Certificate Lifecycle Management Best Practices Guide

Download Now

eBook
10 Code Signing Best Practices

Download Now