Friday, June 16, 2023

Boost performance and security with modern networking

Hey there, fellow developers! I had a chance to participate in the “Boost performance and security with modern networking” session at Apple's WWDC. Here is the quick summary I think I should share:

Do you want to make your app faster, safer and smarter so that it can deliver more value to the client business? Of course, you do! That's why you need to know about the latest and greatest networking technologies that can boost your app's performance and security. In this post, I'll give you a quick overview of some of the most important networking protocols that you should be using in your app: IPv6, HTTP/2, TLS 1.3 and Encrypted DNS. Let's dive in! 

1. Using IPv6
IPv6 has a number of benefits that you should consider:
- Larger address space: about 3.4 x 10^38 unique IP addresses in IPv6 vs. about 4.3 billion in IPv4
- Improved security: IPv6 comes with built-in security features, including IPsec, which offers data integrity, authentication and encryption for Internet traffic
- Simplified header format: compared to IPv4, IPv6 has a simpler and more efficient header structure, which lowers per-packet processing cost and speeds up the connection
- Prioritization: IPv6 offers stronger support for QoS features, allowing Internet service providers to prioritize traffic and guarantee that essential applications, such as voice and video, receive the required bandwidth and low latency
- Improved support for mobile devices: smartphones and tablets benefit from IPv6 through quicker and more efficient connections


2. Upgrade to HTTP/2
HTTP/2 attempts to solve many of the shortcomings and inflexibilities of HTTP/1.1:
- Multiplexing and concurrency: many requests can be sent, and their responses received, over just one connection
- Header compression: HTTP header size is drastically reduced
- Server push: the server can send resources the client has not yet requested
You can see how much faster HTTP/2 is compared to HTTP/1.1 here.
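To make the multiplexing point concrete, here is an added example (my own code, not from the session or from Apple) that encodes and parses HTTP/2 frames in Python. Every frame carries a stream identifier, which is what lets several requests share one connection; the parser also enforces the default SETTINGS_MAX_FRAME_SIZE limit, which is the check a receiver needs so that a peer cannot make it buffer arbitrarily large frames. The sample bytes are constructed: the three-byte HPACK block and the two interleaved GET requests are assumptions for illustration, not captured traffic.

```python
import struct
from dataclasses import dataclass

# HTTP/2 constants from RFC 9113 (connection preface, frame types, flags).
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
FRAME_HEADER_LEN = 9
DEFAULT_MAX_FRAME_SIZE = 1 << 14          # SETTINGS_MAX_FRAME_SIZE initial value (16 KiB)
DATA, HEADERS, SETTINGS = 0x0, 0x1, 0x4   # frame type codes
END_STREAM, END_HEADERS = 0x1, 0x4        # HEADERS/DATA flags


@dataclass
class Frame:
    ftype: int
    flags: int
    stream_id: int
    payload: bytes


def encode_frame(ftype: int, flags: int, stream_id: int, payload: bytes = b"") -> bytes:
    """Serialise one frame: 24-bit length, 8-bit type, 8-bit flags, reserved bit + 31-bit stream id."""
    if len(payload) >= 1 << 24:
        raise ValueError("payload too large for a 24-bit length field")
    header = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return header + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload


def parse_frames(buf: bytes, max_frame_size: int = DEFAULT_MAX_FRAME_SIZE) -> list[Frame]:
    """Split a byte stream into frames, enforcing the negotiated maximum frame size.

    A receiver must treat a frame larger than its advertised SETTINGS_MAX_FRAME_SIZE
    as a FRAME_SIZE_ERROR rather than buffering it; here that is a ValueError.
    """
    frames = []
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < FRAME_HEADER_LEN:
            raise ValueError("truncated frame header")
        length = int.from_bytes(buf[pos:pos + 3], "big")
        ftype, flags = buf[pos + 3], buf[pos + 4]
        stream_id = struct.unpack(">I", buf[pos + 5:pos + 9])[0] & 0x7FFFFFFF  # clear reserved bit
        if length > max_frame_size:
            raise ValueError(f"frame of {length} bytes exceeds max frame size {max_frame_size}")
        start, end = pos + FRAME_HEADER_LEN, pos + FRAME_HEADER_LEN + length
        if end > len(buf):
            raise ValueError("truncated frame payload")
        frames.append(Frame(ftype, flags, stream_id, buf[start:end]))
        pos = end
    return frames


def parse_client_stream(data: bytes, max_frame_size: int = DEFAULT_MAX_FRAME_SIZE) -> list[Frame]:
    """Check the client connection preface, then parse the frames that follow it."""
    if not data.startswith(PREFACE):
        raise ValueError("missing HTTP/2 connection preface")
    return parse_frames(data[len(PREFACE):], max_frame_size)


# Constructed sample: two GET requests multiplexed on one connection. The header
# block uses HPACK static-table references (0x82 ':method GET', 0x84 ':path /',
# 0x87 ':scheme https'); a real client would also send ':authority'.
HEADER_BLOCK = bytes([0x82, 0x84, 0x87])
SAMPLE_CLIENT_BYTES = (
    PREFACE
    + encode_frame(SETTINGS, 0, 0)                                       # empty SETTINGS on stream 0
    + encode_frame(HEADERS, END_HEADERS | END_STREAM, 1, HEADER_BLOCK)   # request on stream 1
    + encode_frame(HEADERS, END_HEADERS | END_STREAM, 3, HEADER_BLOCK)   # request on stream 3
)


def stream_ids(data: bytes = SAMPLE_CLIENT_BYTES) -> list[int]:
    """Stream identifiers in arrival order: 0 is the connection itself, odd ids are client requests."""
    return [f.stream_id for f in parse_client_stream(data)]


def oversized_frame_rejected() -> bool:
    """A 20 KiB DATA frame must be rejected while the default 16 KiB limit applies."""
    big = PREFACE + encode_frame(DATA, 0, 1, b"\x00" * (20 * 1024))
    try:
        parse_client_stream(big)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for f in parse_client_stream(SAMPLE_CLIENT_BYTES):
        print(f"type={f.ftype} flags={f.flags:#x} stream={f.stream_id} len={len(f.payload)}")
    print("oversized frame rejected:", oversized_frame_rejected())
```

Running the block prints one line per frame; the two HEADERS frames on streams 1 and 3 are both in flight on the same connection, which is the multiplexing HTTP/1.1 could only approximate with several sockets. The size check matters because the limit is negotiated per peer: a server that raises SETTINGS_MAX_FRAME_SIZE must also be prepared to hold that much per frame.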

2.1 Upgrade to HTTP/3
HTTP/3 will be the first major upgrade to the Hypertext Transfer Protocol since HTTP/2 was approved in 2015. An important difference in HTTP/3 is that it runs on QUIC, a new transport protocol. QUIC is designed for mobile-heavy Internet usage, in which people carry smartphones that constantly switch from one network to another as they move about their day. Some benefits:
- Connection migration: a workaround for the sluggish performance when a smartphone switches from Wi-Fi to cellular data (such as when leaving the house or office)
- Reduced impact of packet loss
- Faster connection establishment: QUIC allows TLS version negotiation to happen at the same time as the cryptographic and transport handshakes
- Zero round-trip time (0-RTT): for servers they have already connected to, clients can skip the handshake requirement
- More comprehensive encryption: QUIC's new approach to handshakes provides encryption by default, a big upgrade from HTTP/2, and helps mitigate the risk of attacks. More info

3. Upgrade to TLS 1.3
TLS 1.3 is the latest version of the TLS protocol. TLS 1.3 dropped support for older, less secure cryptographic features and sped up the TLS handshake, among other improvements. So it is considered better and safer than TLS 1.2.
The benefits:
- Improved performance and efficiency: the TLS 1.3 handshake is faster than TLS 1.2 because it needs one round trip instead of two.
- More robust security:
-- Perfect forward secrecy: every session uses fresh keys that are discarded afterwards, instead of the static key exchange TLS 1.2 still allowed
-- Simpler and stronger cipher suites: the older, weaker algorithms are gone
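The two TLS 1.3 benefits above are the properties you would check when reviewing a client's TLS configuration. As an added example (my own code, not from the session or from Apple), this Python snippet builds an `ssl.SSLContext` that refuses anything below TLS 1.3 and then audits it: which TLS 1.3 suites it can negotiate, and whether any suite with static RSA key exchange (no forward secrecy) remains in the legacy list. It relies only on Python's standard `ssl` module and the cipher metadata OpenSSL reports through `get_ciphers()`; the `audit()` helper and its output keys are my own naming.

```python
import ssl

HAS_TLS13 = ssl.HAS_TLSv1_3  # False only on an OpenSSL build without TLS 1.3 support


def hardened_client_context() -> ssl.SSLContext:
    """Client context that refuses anything older than TLS 1.3.

    create_default_context() already verifies certificates and hostnames; on top
    of that we raise the version floor to TLS 1.3 and, for the TLS 1.2 cipher
    list OpenSSL still keeps around, allow only ephemeral (ECDHE) key exchange.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    # TLS 1.3 suites (all AEAD, all forward-secret) are managed separately by
    # OpenSSL and stay enabled; this call only restricts the legacy TLS 1.2 list.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def min_version_name(ctx: ssl.SSLContext) -> str:
    """Lowest protocol version the context will negotiate, e.g. 'TLSv1_3'."""
    return ctx.minimum_version.name


def tls13_suites(ctx: ssl.SSLContext) -> list[str]:
    """Names of the TLS 1.3 cipher suites the context can negotiate."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.3"]


def static_key_exchange_suites(ctx: ssl.SSLContext) -> list[str]:
    """Suites that use static RSA key exchange and therefore lack forward secrecy.

    OpenSSL reports their key-exchange algorithm as 'kx-rsa'; TLS 1.3 suites
    report 'kx-any' because TLS 1.3 only ever performs (EC)DHE.
    """
    return [c["name"] for c in ctx.get_ciphers() if c["kea"] == "kx-rsa"]


def audit(ctx: ssl.SSLContext) -> dict:
    """Summarise what a context would accept, for a quick configuration review."""
    return {
        "minimum_version": min_version_name(ctx),
        "tls13_suites": tls13_suites(ctx),
        "non_forward_secret_suites": static_key_exchange_suites(ctx),
    }


if __name__ == "__main__":
    print("default context: ", audit(ssl.create_default_context()))
    print("hardened context:", audit(hardened_client_context()))
```

Compare the two printed audits: the default context typically still lists TLS 1.2 suites, some with `kx-rsa`, while the hardened one reports an empty `non_forward_secret_suites` list. Pass the hardened context to `urllib.request`, `http.client` or `asyncio.open_connection` via their `context`/`ssl` parameters so the floor applies to every connection the app opens.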

4. Encrypted DNS
Traditionally, DNS queries and replies are sent in plaintext. They travel over the Internet without any kind of encryption or protection, even when you are accessing a secured website. This has a great impact on security and privacy, as these queries can be subject to surveillance, spoofing and tracking by malicious actors, advertisers, ISPs and others. To prevent this and secure your connections, your app's communication with its resolver should use DNS over TLS (DoT) or DNS over HTTPS (DoH), two standards developed for encrypting plaintext DNS traffic. This prevents untrustworthy entities from reading and manipulating your queries.
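Here is an added example (my own code, not from the session or from Apple) that shows what DoH actually carries: a wire-format DNS query for an AAAA record, so it ties back to the IPv6 section as well, the RFC 8484 GET form of the request with the query base64url-encoded in the `dns` parameter, and a parser for the answer section including name compression. The resolver host `doh.example` is a placeholder, and the response message is constructed in the block (documentation address `2001:db8::1`), so nothing here touches the network; in a real app the URL is fetched over HTTPS, which is exactly what keeps the query out of the clear.

```python
import base64
import ipaddress
import struct

# Record types this example understands (RFC 1035 / RFC 3596 values).
QTYPES = {"A": 1, "AAAA": 28}


def encode_name(name: str) -> bytes:
    """'example.com' -> b'\\x07example\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: str = "AAAA") -> bytes:
    """Wire-format DNS query. RFC 8484 suggests ID 0 so DoH responses are cacheable."""
    header = struct.pack(">HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD=1, one question
    return header + encode_name(name) + struct.pack(">HH", QTYPES[qtype], 1)  # QCLASS IN


def doh_get_url(query: bytes, resolver: str = "doh.example") -> str:
    """GET form of RFC 8484: base64url without padding in the 'dns' parameter.

    'doh.example' is a placeholder; substitute the resolver you actually trust.
    """
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"https://{resolver}/dns-query?dns={encoded}"


def _read_name(msg: bytes, pos: int) -> tuple[str, int]:
    """Decode a possibly compressed name; returns (name, position after it)."""
    labels, jumped, end = [], False, pos
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                      # compression pointer
            pointer = struct.unpack(">H", msg[pos:pos + 2])[0] & 0x3FFF
            if not jumped:
                end = pos + 2                          # resume after the 2-byte pointer
            jumped, pos = True, pointer
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    if not jumped:
        end = pos
    return ".".join(labels), end


def parse_answers(msg: bytes) -> list[tuple[str, str, int, str]]:
    """(name, type, ttl, address) for each A/AAAA answer in a response message."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F:                                  # RCODE must be NOERROR
        raise ValueError(f"resolver returned RCODE {flags & 0xF}")
    pos = 12
    for _ in range(qd):                                 # skip the echoed question(s)
        _, pos = _read_name(msg, pos)
        pos += 4                                        # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, pos = _read_name(msg, pos)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        rdata = msg[pos:pos + rdlen]
        pos += rdlen
        if rtype == 1:
            answers.append((name, "A", ttl, str(ipaddress.IPv4Address(rdata))))
        elif rtype == 28:
            answers.append((name, "AAAA", ttl, str(ipaddress.IPv6Address(rdata))))
    return answers


# Constructed response to the example.com AAAA query: flags 0x8180 (response,
# RD, RA), one question, one answer whose owner name is a pointer to offset 12,
# TTL 300, and the documentation address 2001:db8::1.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack(">HH", 28, 1)
    + b"\xc0\x0c" + struct.pack(">HHIH", 28, 1, 300, 16)
    + ipaddress.IPv6Address("2001:db8::1").packed
)

if __name__ == "__main__":
    q = build_query("example.com", "AAAA")
    print(doh_get_url(q))
    print(parse_answers(SAMPLE_RESPONSE))
```

The query is 29 bytes and encodes to a 39-character `dns` parameter. Because the whole exchange rides inside a normal HTTPS request, an on-path observer sees only a TLS connection to the resolver; the query name, type and answers stay inside the encrypted channel, which is the protection the section above describes.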
#happycoding