SPDY
SPDY is a deprecated open-specification networking protocol that was developed primarily at Google for transporting web content. SPDY manipulates HTTP traffic, with particular goals of reducing web page load latency and improving web security. SPDY achieves reduced latency through compression, multiplexing, and prioritization, although this depends on a combination of network and website deployment conditions. The name "SPDY" is a trademark of Google and is not an acronym.
Throughout the process, the core developers of SPDY have been involved in the development of HTTP/2, including both Mike Belshe and Roberto Peon. In February 2015, Google announced that following the recent final ratification of the HTTP/2 standard, support for SPDY would be deprecated, and that support for SPDY would be withdrawn. Google removed SPDY support in Google Chrome 51. Mozilla removed it in Firefox 50. Apple has deprecated the technology in macOS 10.14.4 and iOS 12.2.
History
, the group developing SPDY stated publicly that it was working toward standardisation. The first draft of HTTP/2 used SPDY as the working base for its specification draft and editing.Implementations of SPDY exist in Chromium, Mozilla Firefox, Opera, Amazon Silk, Internet Explorer, and Safari, with the implementations for Chromium and Firefox being open source software.
In February 2015, Google announced its plans to remove support for SPDY in favor of HTTP/2. HTTP/2 was first discussed when it became apparent that SPDY was gaining traction with implementers, and was showing significant improvements over HTTP/1.x. After a call for proposals and a selection process, SPDY was chosen as the basis for HTTP/2. Since then, there have been a number of changes, based on discussion in the Working Group and feedback from implementers.
On February 11, 2016, Google announced that Chrome would no longer support SPDY and NPN after May 15, 2016, the anniversary of RFC 7540.
On January 25, 2019, Apple announced that SPDY would be deprecated in favor of HTTP/2, and would be removed in future releases.
Design
The goal of SPDY is to reduce web page load time. This is achieved by prioritizing and multiplexing the transfer of web page subresources so that only one connection per client is required. TLS encryption is nearly ubiquitous in SPDY implementations, and transmission headers are gzip- or DEFLATE-compressed by design. Moreover, servers may hint or even push content instead of awaiting individual requests for each resource of a web page.SPDY requires the use of SSL/TLS for security but it also supports operation over plain TCP. The requirement for SSL is for security and to avoid incompatibility when communication is across a proxy.
Relation to HTTP
SPDY does not replace HTTP; it modifies the way HTTP requests and responses are sent over the wire. This means that all existing server-side applications can be used without modification if a SPDY-compatible translation layer is put in place.SPDY is effectively a tunnel for the HTTP and HTTPS protocols. When sent over SPDY, HTTP requests are processed, tokenized, simplified and compressed. For example, each SPDY endpoint keeps track of which headers have been sent in past requests and can avoid resending the headers that have not changed; those that must be sent are compressed.
The IETF working group for HTTPbis has released the draft of HTTP/2. SPDY was chosen as the starting point.
Protocol support
For use within HTTPS, SPDY needs the TLS extension Next Protocol Negotiation, thus browser and server support depends on the HTTPS library.OpenSSL 1.0.1 or greater introduces NPN. Patches to add NPN support have also been written for NSS and TLSLite.
SPDY is scheduled to switch from NPN to Application-Layer Protocol Negotiation before the end of 2014.
Security Support Provider Interface from Microsoft have not implemented the NPN extension to its TLS implementation. This has prevented SPDY inclusion in the latest.NET Framework versions. Since SPDY specification is being refined and HTTP/2 is expected to include SPDY implementation one could expect Microsoft to release support after HTTP/2 is finalized.
Protocol versions
SPDY is a versioned protocol. In its control frames there are 15 dedicated bits to indicate the version of the session protocol.- Version 1: version 1 of the SPDY protocol is not used anymore.
- Version 2: soon to be discontinued. Nginx supports SPDY/2 in versions prior to 1.5.10. Firefox 28 and recent versions of Chrome drop support for it. OpenLiteSpeed 1.1 and up support SPDY/2.
- Version 3: SPDY v3 introduced support for flow control, updated the compression dictionary, and removed wasted space from certain frames, along with other minor bug fixes. Firefox supports SPDY v3 in Firefox 15. OpenLiteSpeed 1.1 and up support SPDY/3.
- Version 3.1: SPDY v3.1 introduced support for session-layer flow control, and removed the CREDENTIALS frame. Firefox 27 has added SPDY 3.1 support. OpenLiteSpeed 1.2.7 introduces SPDY/3.1 support. Nginx 1.5.10 supports SPDY/3.1. F5 BIGIP 11.6 supports SPDY/3.1.
- Version 4.0: SPDY v4 alpha3 is more closely aligned with the HTTP/2 draft; it has a new stream flow control and error codes unified with the HTTP/2 draft.
Client (browser) support and usage
- Google Chrome/Chromium. SPDY sessions in Chrome can be inspected via the URI:
chrome://net-internals/#events&q=type:SPDY_SESSION%20is:active. There is a command-line switch for Google Chrome which enables an early, experimental implementation of WebSocket over SPDY. SPDY protocol functionality can be activated by toggling "Enable SPDY/4" setting on localchrome://flagspage. Chromium is expected to remove support for SPDY and Next Protocol Negotiation in early 2016, in favor of HTTP/2 and ALPN. Starting with version 40.x in Feb 2015 Chrome has already dropped support for SPDY/3 and only supports SPDY/3.1 going forward. This has caused Apache websites to be without SPDY support when visited from Google Chrome. - Firefox supports SPDY 2 from version 11, and default-enabled since 13 and later. SPDY protocol functionality can be activated by toggling the variable in
. Firefox 15 added support for SPDY 3. Firefox 27 has added SPDY 3.1 support. Firefox 28 has removed support of SPDY 2.about:networkingshows if a website uses SPDY. - Opera browser added support for SPDY as of version 12.10.
- Internet Explorer 11 added support for SPDY version 3, but not for the Windows 7 version. A problem experienced by some users of Windows 8.1 and Internet Explorer 11 is that on initial loading, Google says "Page not found" but on reloading, it is fine. One fix for this is to disable SPDY/3 in Internet Options > Advanced. After version 11, IE will drop the support of SPDY, as it will adopt HTTP/2.
- Amazon's Silk browser for the Kindle Fire uses the SPDY protocol to communicate with their EC2 service for Web pages rendering.
- Safari 8 and third-party applications in OS X 10.10 and iOS 8 adds support for SPDY 2, 3 and 3.1.
Server support and usage
Some Google services use SPDY when available. Google's ads are also served from SPDY-enabled servers.
A brief history of SPDY support amongst major web players:
- In November 2009, Google announced SPDY as an internal project to increase the speed of the web.
- In September 2010, Google releases SPDY in Chrome for all versions of Chrome 6.
- In January 2011, Google deployed SPDY across all Google services.
- In March 2012, Twitter enabled SPDY on its servers, at the time making it the second largest site known to deploy SPDY.
- In March 2012, the open source Jetty Web Server announced support for SPDY in version 7.6.2 and 8.1.2, while other open source projects were working on implementing support for SPDY, like node.js, Apache, curl, and nginx.
- In April 2012 Google started providing SPDY packages for Apache servers which led some smaller websites to provide SPDY support.
- In May 2012 F5 Networks announced support for SPDY in its BIG-IP application delivery controllers.
- In June 2012 NGINX, Inc. announced support for SPDY in the open source web server Nginx.
- In July 2012 Facebook announced implementation plans for SPDY. By March 2013 SPDY was implemented by some of their public web servers.
- In August 2012 WordPress.com announced support for SPDY across all their hosted blogs.
- In June 2013, LiteSpeed Technologies announced support for SPDY/2 and SPDY/3 on OpenLiteSpeed, their open source HTTP server. Support for SPDY/3.1 was announced November 2013.
- In January 2014, Synology announced SPDY is included in the new DSM 5.0.
- In February 2014, CloudFlare using nginx announced automatic support for SPDY v3.1 for all customers with SSL/TLS certificates.
- In May 2014, MaxCDN using nginx announced support for SPDY v3.1 via customers' Pull Zone settings and their API.
- In October 2014, Yahoo shows support of SPDY on the Yahoo Homepage — www.yahoo.com
- In September 2015, the latest version of the Nginx web server dropped SPDY support in favour of HTTP/2
- In May 2016, CloudFlare releases patches to Nginx web server, the patches supports HTTP/2 and SPDY simultaneously.