SPDY (pronounced speedy) is a now-deprecated open-specification networking protocol that was developed primarily at Google for transporting web content. SPDY manipulates HTTP traffic, with particular goals of reducing web page load latency and improving web security. SPDY achieves reduced latency through compression, multiplexing, and prioritization, although this depends on a combination of network and website deployment conditions. The name "SPDY" is a trademark of Google and is not an acronym.
Contents
- History
- Design
- Relation to HTTP
- Protocol support
- Protocol versions
- Client browser support and usage
- Server support and usage
- References
Throughout the process, the core developers of SPDY have been involved in the development of HTTP/2, including both Mike Belshe and Roberto Peon. In February 2015, Google has announced that following the recent final ratification of the HTTP/2 standard, support for SPDY would be deprecated, and that support for SPDY would be withdrawn. Google removed SPDY support in Google Chrome 51. Mozilla removed it in Firefox 50.
History
As of July 2012, the group developing SPDY stated publicly that it was working toward standardisation (available as an Internet Draft). The first draft of HTTP/2 used SPDY as the working base for its specification draft and editing.
Implementations of SPDY exist in Chromium, Mozilla Firefox, Opera, Amazon Silk, Internet Explorer, and Safari, with the implementations for Chromium and Firefox being open source software.
In February 2015, Google announced its plans to remove support for SPDY in favor of HTTP/2. HTTP/2 was first discussed when it became apparent that SPDY was gaining traction with implementers (like Mozilla and nginx), and was showing significant improvements over HTTP/1.x. After a call for proposals and a selection process, SPDY/2 was chosen as the basis for HTTP/2. Since then, there have been a number of changes, based on discussion in the Working Group and feedback from implementers.
On February 11, 2016, Google announced that Chrome would no longer support SPDY and NPN after May 15, 2016, the anniversary of RFC 7540.
Design
The goal of SPDY is to reduce web page load time. This is achieved by prioritizing and multiplexing the transfer of web page subresources so that only one connection per client is required.TLS encryption is nearly ubiquitous in SPDY implementations, and transmission headers are gzip- or DEFLATE-compressed by design (in contrast to HTTP, where the headers are sent as human-readable text). Moreover, servers may hint or even push content instead of awaiting individual requests for each resource of a web page.
SPDY requires the use of SSL/TLS (with TLS extension ALPN) for security but it also supports operation over plain TCP. The requirement for SSL is for security and to avoid incompatibility when communication is across a proxy.
Relation to HTTP
SPDY does not replace HTTP; it modifies the way HTTP requests and responses are sent over the wire. This means that all existing server-side applications can be used without modification if a SPDY-compatible translation layer is put in place.
SPDY is effectively a tunnel for the HTTP and HTTPS protocols. When sent over SPDY, HTTP requests are processed, tokenized, simplified and compressed. For example, each SPDY endpoint keeps track of which headers have been sent in past requests and can avoid resending the headers that have not changed; those that must be sent are compressed.
The IETF working group for HTTPbis has released the draft of HTTP/2. SPDY (draft-mbelshe-httpbis-spdy-00) was chosen as the starting point.
Protocol support
For use within HTTPS, SPDY needs the TLS extension Next Protocol Negotiation (NPN), thus browser and server support depends on the HTTPS library.
OpenSSL 1.0.1 or greater introduces NPN. Patches to add NPN support have also been written for NSS and TLSLite.
SPDY is scheduled to switch from NPN to Application-Layer Protocol Negotiation (ALPN) before the end of 2014.
Security Support Provider Interface (SSPI) from Microsoft have not implemented the NPN extension to its TLS implementation. This has prevented SPDY inclusion in the latest .NET Framework versions. Since SPDY specification is being refined and HTTP/2 is expected to include SPDY implementation one could expect Microsoft to release support after HTTP/2 is finalized.
Protocol versions
SPDY is a versioned protocol. In its control frames there are 15 dedicated bits to indicate the version of the session protocol.
Client (browser) support and usage
chrome://net-internals/#events&q=type:SPDY_SESSION%20is:active
. There is a command-line switch for Google Chrome (--enable-websocket-over-spdy
) which enables an early, experimental implementation of WebSocket over SPDY. SPDY protocol functionality can be (de)activated by toggling "Enable SPDY/4" setting on local chrome://flags
page. Chromium is expected to remove support for SPDY and Next Protocol Negotiation in early 2016, in favor of HTTP/2 and ALPN. Starting with version 40.x in Feb 2015 Chrome has already dropped support for SPDY/3 and only supports SPDY/3.1 going forward. This has caused Apache websites to be without SPDY support when visited from Google Chrome.network.http.spdy.enabled
variable in about:config
. Firefox 15 added support for SPDY 3. Firefox 27 has added SPDY 3.1 support. Firefox 28 has removed support of SPDY 2. about:networking
(or the HTTP/2 and SPDY indicator add-on) shows if a website uses SPDY.Server support and usage
As of July 2016, approximately 7.1% of all websites support SPDY. Fielded versions of the two most popular web servers, NGINX and Apache, are the major providers of SPDY traffic. although the latest version of NGINX has now removed SPDY support. This compares with an adoption rate of 8.1% for the newer HTTP/2 protocol, which as of 2016 had overtaken the adoption of SPDY.
Some Google services (e.g. Google search, Gmail, and other SSL-enabled services) use SPDY when available. Google's ads are also served from SPDY-enabled servers.
A brief history of SPDY support amongst major web players:
According to W3Techs, as of July 2016, most SPDY-enabled websites use nginx, with the LiteSpeed web server coming second.