SPDY

Updated on Nov 03, 2023

Edit

Comment

SPDY (pronounced speedy) is a now-deprecated open-specification networking protocol that was developed primarily at Google for transporting web content. SPDY manipulates HTTP traffic, with particular goals of reducing web page load latency and improving web security. SPDY achieves reduced latency through compression, multiplexing, and prioritization, although this depends on a combination of network and website deployment conditions. The name "SPDY" is a trademark of Google and is not an acronym.

Throughout the process, the core developers of SPDY have been involved in the development of HTTP/2, including both Mike Belshe and Roberto Peon. In February 2015, Google has announced that following the recent final ratification of the HTTP/2 standard, support for SPDY would be deprecated, and that support for SPDY would be withdrawn. Google removed SPDY support in Google Chrome 51. Mozilla removed it in Firefox 50.

History

As of July 2012, the group developing SPDY stated publicly that it was working toward standardisation (available as an Internet Draft). The first draft of HTTP/2 used SPDY as the working base for its specification draft and editing.

Implementations of SPDY exist in Chromium, Mozilla Firefox, Opera, Amazon Silk, Internet Explorer, and Safari, with the implementations for Chromium and Firefox being open source software.

In February 2015, Google announced its plans to remove support for SPDY in favor of HTTP/2. HTTP/2 was first discussed when it became apparent that SPDY was gaining traction with implementers (like Mozilla and nginx), and was showing significant improvements over HTTP/1.x. After a call for proposals and a selection process, SPDY/2 was chosen as the basis for HTTP/2. Since then, there have been a number of changes, based on discussion in the Working Group and feedback from implementers.

On February 11, 2016, Google announced that Chrome would no longer support SPDY and NPN after May 15, 2016, the anniversary of RFC 7540.

Design

The goal of SPDY is to reduce web page load time. This is achieved by prioritizing and multiplexing the transfer of web page subresources so that only one connection per client is required.TLS encryption is nearly ubiquitous in SPDY implementations, and transmission headers are gzip- or DEFLATE-compressed by design (in contrast to HTTP, where the headers are sent as human-readable text). Moreover, servers may hint or even push content instead of awaiting individual requests for each resource of a web page.

SPDY requires the use of SSL/TLS (with TLS extension ALPN) for security but it also supports operation over plain TCP. The requirement for SSL is for security and to avoid incompatibility when communication is across a proxy.

Relation to HTTP

SPDY does not replace HTTP; it modifies the way HTTP requests and responses are sent over the wire. This means that all existing server-side applications can be used without modification if a SPDY-compatible translation layer is put in place.

SPDY is effectively a tunnel for the HTTP and HTTPS protocols. When sent over SPDY, HTTP requests are processed, tokenized, simplified and compressed. For example, each SPDY endpoint keeps track of which headers have been sent in past requests and can avoid resending the headers that have not changed; those that must be sent are compressed.

The IETF working group for HTTPbis has released the draft of HTTP/2. SPDY (draft-mbelshe-httpbis-spdy-00) was chosen as the starting point.

Protocol support

For use within HTTPS, SPDY needs the TLS extension Next Protocol Negotiation (NPN), thus browser and server support depends on the HTTPS library.

OpenSSL 1.0.1 or greater introduces NPN. Patches to add NPN support have also been written for NSS and TLSLite.

SPDY is scheduled to switch from NPN to Application-Layer Protocol Negotiation (ALPN) before the end of 2014.

Security Support Provider Interface (SSPI) from Microsoft have not implemented the NPN extension to its TLS implementation. This has prevented SPDY inclusion in the latest .NET Framework versions. Since SPDY specification is being refined and HTTP/2 is expected to include SPDY implementation one could expect Microsoft to release support after HTTP/2 is finalized.

Protocol versions

SPDY is a versioned protocol. In its control frames there are 15 dedicated bits to indicate the version of the session protocol.

Version 1: version 1 of the SPDY protocol is not used anymore.

Version 2: soon to be discontinued. Nginx supports SPDY/2 in versions prior to 1.5.10. Firefox 28 and recent versions of Chrome drop support for it. OpenLiteSpeed 1.1 and up support SPDY/2.

Version 3: SPDY v3 introduced support for flow control, updated the compression dictionary, and removed wasted space from certain frames, along with other minor bug fixes. Firefox supports SPDY v3 in Firefox 15. OpenLiteSpeed 1.1 and up support SPDY/3.

Version 3.1: SPDY v3.1 introduced support for session-layer flow control, and removed the CREDENTIALS frame (and associated error codes). Firefox 27 has added SPDY 3.1 support. OpenLiteSpeed 1.2.7 introduces SPDY/3.1 support. Nginx 1.5.10 supports SPDY/3.1. F5 BIGIP 11.6 supports SPDY/3.1.

Version 4.0: SPDY v4 alpha3 is more closely aligned with the HTTP/2 draft; it has a new stream flow control and error codes unified with the HTTP/2 draft.

Client (browser) support and usage

Google Chrome/Chromium. SPDY sessions in Chrome can be inspected via the URI: chrome://net-internals/#events&q=type:SPDY_SESSION%20is:active. There is a command-line switch for Google Chrome (--enable-websocket-over-spdy) which enables an early, experimental implementation of WebSocket over SPDY. SPDY protocol functionality can be (de)activated by toggling "Enable SPDY/4" setting on local chrome://flags page. Chromium is expected to remove support for SPDY and Next Protocol Negotiation in early 2016, in favor of HTTP/2 and ALPN. Starting with version 40.x in Feb 2015 Chrome has already dropped support for SPDY/3 and only supports SPDY/3.1 going forward. This has caused Apache websites to be without SPDY support when visited from Google Chrome.

Firefox supports SPDY 2 from version 11, and default-enabled since 13 and later. (Also SeaMonkey version 2.8+.) SPDY protocol functionality can be (de)activated by toggling the network.http.spdy.enabled variable in about:config. Firefox 15 added support for SPDY 3. Firefox 27 has added SPDY 3.1 support. Firefox 28 has removed support of SPDY 2. about:networking (or the HTTP/2 and SPDY indicator add-on) shows if a website uses SPDY.

Opera browser added support for SPDY as of version 12.10.

Internet Explorer 11 added support for SPDY version 3, but not for the Windows 7 version. A problem experienced by some users of Windows 8.1 and Internet Explorer 11 is that on initial loading, Google says "Page not found" but on reloading, it is fine. One fix for this is to disable SPDY/3 in Internet Options > Advanced. After version 11, IE will drop the support of SPDY, as it will adopt HTTP/2.

Amazon's Silk browser for the Kindle Fire uses the SPDY protocol to communicate with their EC2 service for Web pages rendering.

Safari 8 and third-party applications in OS X 10.10 and iOS 8 adds support for SPDY 2, 3 and 3.1.

Server support and usage

As of July 2016, approximately 7.1% of all websites support SPDY. Fielded versions of the two most popular web servers, NGINX and Apache, are the major providers of SPDY traffic. although the latest version of NGINX has now removed SPDY support. This compares with an adoption rate of 8.1% for the newer HTTP/2 protocol, which as of 2016 had overtaken the adoption of SPDY.

Some Google services (e.g. Google search, Gmail, and other SSL-enabled services) use SPDY when available. Google's ads are also served from SPDY-enabled servers.

A brief history of SPDY support amongst major web players:

In November, 2009, Google announced SPDY as an internal project to increase the speed of the web.

In September, 2010, Google releases SPDY in Chrome for all versions of Chrome 6.

In January, 2011, Google deployed SPDY across all Google services.

In March 2012, Twitter enabled SPDY on its servers, at the time making it the second largest site known to deploy SPDY.

In March 2012, the open source Jetty Web Server announced support for SPDY in version 7.6.2 and 8.1.2, while other open source projects were working on implementing support for SPDY, like node.js, Apache (mod_spdy), curl, and nginx.

In April 2012 Google started providing SPDY packages for Apache servers which led some smaller websites to provide SPDY support.

In May 2012 F5 Networks announced support for SPDY in its BIG-IP application delivery controllers.

In June 2012 NGINX, Inc. announced support for SPDY in the open source web server Nginx.

In July 2012 Facebook announced implementation plans for SPDY. By March 2013 SPDY was implemented by some of their public web servers.

In August 2012 WordPress.com announced support for SPDY (using nginx) across all their hosted blogs.

In June 2013, LiteSpeed Technologies announced support for SPDY/2 and SPDY/3 on OpenLiteSpeed, their open source HTTP server. Support for SPDY/3.1 was announced November 2013.

In January 2014, Synology announced SPDY is included in the new DSM 5.0.

In February 2014, CloudFlare using nginx announced automatic support for SPDY v3.1 for all customers with SSL/TLS certificates.

In May 2014, MaxCDN using nginx announced support for SPDY v3.1 via customers' Pull Zone settings and their API.

In October 2014, Yahoo shows support of SPDY on the Yahoo Homepage — www.yahoo.com

In September 2015, the latest version of the Nginx web server dropped SPDY support in favour of HTTP/2

In May 2016, CloudFlare releases patches to Nginx web server, the patches supports HTTP/2 and SPDY simultaneously.

According to W3Techs, as of July 2016, most SPDY-enabled websites use nginx, with the LiteSpeed web server coming second.

References

SPDY Wikipedia

(Text) CC BY-SA

Contents