When using HTTPS, if suffering TCP Reset, and website supports HTTP/3 (QUIC), switch to HTTP/3 immediately or after several failures
Categories
(Core :: Networking, enhancement)
People
(Reporter: Tom25519, Unassigned)
Details
In my country, some websites are blocked by the gov's censorship firewall, but fortunately it can't handle HTTP/3 (QUIC) right now; a website which is blocked by a TCP Reset attack when using TLS over TCP may be accessible when using HTTP/3.
Unfortunately, sometimes Fenix doesn't use HTTP/3 even when suffering TCP Reset, even though the website supports HTTP/3, for example, https://cloudflare.f-droid.org
Resolve DNS in Fenix about:networking#dnslookuptool
IPs
2606:4700:10::6816:234
2606:4700:10::6816:334
2606:4700:10::ac43:f2f
104.22.2.52
104.22.3.52
172.67.15.47
HTTP RRs
1 cloudflare.f-droid.org.cdn.cloudflare.net (alpn="h3,h2" ipv4hint="104.22.2.52, 104.22.3.52, 172.67.15.47" ipv6hint="2606:4700:10::6816:234, 2606:4700:10::6816:334, 2606:4700:10::ac43:f2f" )
Comment 1•1 years ago
Kershaw, do you think this feature request is feasible for us to implement? I think this enhancement is a bit complex, involving changes in both neqo and necko code.
Comment 2•1 years ago
(In reply to Sunil Mayya from comment #1)
Kershaw, do you think this feature request is feasible for us to implement? I think this enhancement is a bit complex, involving changes in both neqo and necko code.
I think we might not want to support this. This is not easy to support.
In our current implementation, we need to know if a server supports HTTP/3 first before making the connection.
For the case in this bug, I think enabling DoH on Fenix would be helpful.
(In reply to Kershaw Chang [:kershaw] from comment #2)
(In reply to Sunil Mayya from comment #1)
I think we might not want to support this. This is not easy to support.
In our current implementation, we need to know if a server supports HTTP/3 first before making the connection.
We can know if a server supports HTTP/3 via HTTPS RR, for example, alpn="h3,h2".
In fact, we could even make parallel connections (HTTP/2 and HTTP/3) if we already know a server supports both HTTP/2 and HTTP/3, to achieve the fastest connection speed. I know this from an article I read before, but I can't seem to find it now.
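The check discussed in this thread, as an added example that is not part of the bug report and is not Firefox or neqo code: it reads the `alpn` parameter from an HTTPS RR in the presentation format shown in the report and decides whether a connection that keeps receiving TCP resets should be retried over HTTP/3. The names `alpn_ids`, `after_tcp_reset`, `Next` and the `threshold` parameter are hypothetical.

```rust
// Added example; function and type names are hypothetical, not Firefox or neqo code.

/// Return the ALPN protocol IDs advertised in an HTTPS RR written in
/// presentation format, e.g. `1 host. (alpn="h3,h2" ipv4hint="...")`.
pub fn alpn_ids(rr: &str) -> Vec<String> {
    // Accept `alpn=` only as a whole key (at the start, or after whitespace or '(').
    let hit = rr.match_indices("alpn=").find(|&(i, _)| {
        rr[..i].chars().last().map_or(true, |c| c.is_whitespace() || c == '(')
    });
    let rest = match hit {
        Some((i, key)) => &rr[i + key.len()..],
        None => return Vec::new(),
    };
    // The value is either quoted or runs to the next whitespace or ')'.
    let value = match rest.strip_prefix('"') {
        Some(quoted) => quoted.split('"').next().unwrap_or(""),
        None => rest.split(|c: char| c.is_whitespace() || c == ')').next().unwrap_or(""),
    };
    value.split(',').map(str::trim).filter(|s| !s.is_empty()).map(String::from).collect()
}

#[derive(Debug, PartialEq)]
pub enum Next { RetryTcp, SwitchToH3, ReportError }

/// Decide what to try after `resets` consecutive TCP resets on an HTTPS connection.
/// `threshold` 1 is "switch immediately"; a larger value is "after several failures".
pub fn after_tcp_reset(https_rr: Option<&str>, resets: u32, threshold: u32) -> Next {
    let has_h3 = https_rr.map_or(false, |rr| alpn_ids(rr).iter().any(|p| p == "h3"));
    if has_h3 && resets >= threshold {
        Next::SwitchToH3
    } else if resets < threshold {
        Next::RetryTcp
    } else {
        Next::ReportError
    }
}

fn main() {
    // Record shape taken from the report's DNS lookup output (hints shortened).
    let rr = r#"1 cloudflare.f-droid.org.cdn.cloudflare.net (alpn="h3,h2" ipv4hint="104.22.2.52")"#;
    println!("{:?}", alpn_ids(rr));
    println!("{:?}", after_tcp_reset(Some(rr), 1, 1));
    println!("{:?}", after_tcp_reset(None, 3, 3));
}
```

Without an HTTPS RR, or with one that lists only `h2`, the function never selects HTTP/3, which mirrors the constraint raised in comment 2 that HTTP/3 support must be known before connecting.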