Good news for Debian users! HTTP3 arrives in Debian Curl. Yes, starting with curl 8.0.0-2, Debian users can now utilize HTTP3. This marks a significant upgrade in the capabilities of curl, enhancing its performance and efficiency in handling web communications.
How to use HTTP3 with Curl in Debian
This new feature can be easily tested using the --http3-only flag.
To use HTTP3 with curl, simply run the following command:
curl --http3-only https://example.com
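Alternatively, you can test it in a container using Podman. Both commands are wrapped in sh -c so that curl runs inside the container rather than on the host:
podman run debian:unstable sh -c 'apt install --update -y curl && curl --http3-only https://example.com'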
Note that the apt command now includes the --update option for the upgrade and install commands, although this feature is not yet available in the stable version.
Availability Across Debian Versions
The HTTP3 support for curl is rolling out across different Debian versions.
- Debian Unstable: Already available since July 2, 2024.
- Debian Testing: Expected to receive the update in mid-July 2024, assuming no issues arise.
- Debian 12/bookworm Backports: Will be available as soon as the package reaches Debian Testing.
- Debian 12/bookworm: Due to Debian's commitment to stability, this feature won't be shipped in the regular repository for Debian 12. However, users can access it through the backports repositories.
- Debian Derivatives: Rolling releases will receive it when it's in Debian Testing. Stable derivatives will include it in their next major release.
Overcoming Technical Challenges
HTTP3 is relatively new, and no other Linux distribution currently supports it in curl. The primary challenges include:
- OpenSSL Support: OpenSSL lacks proper HTTP3 support. Almost every curl package uses OpenSSL, making it risky to switch the TLS backend.
- Performance Issues: The performance of OpenSSL is not yet satisfactory for HTTP3 as of version 3.3.
- Nginx Compatibility: Although nginx supports HTTP3 through OpenSSL, it recommends using other SSL libraries like BoringSSL, LibreSSL, or QuicTLS for better QUIC support.
Debian curl uses GnuTLS, which recently gained non-experimental support for HTTP3 via ngtcp2 and nghttp3. This made it feasible to enable HTTP3 in Debian's curl package.
Implementation Process
Debian's curl package historically includes both OpenSSL and GnuTLS variants of libcurl. The GnuTLS variant can already support HTTP3, while the OpenSSL variant cannot.
Steps Taken
The Debian developers took the following steps to implement this feature in curl:
- Fulfill Dependencies: Ensure all required dependencies meet the minimum requirements.
- Enable HTTP3 for GnuTLS libcurl: Activate HTTP3 support in the GnuTLS version of libcurl.
- Switch TLS Backend: Change the curl CLI's TLS backend from OpenSSL to GnuTLS.
This process involved updating nghttp3, which required a transition due to a SONAME bump, and ensuring all dependencies were compatible. Once dependencies were in place, enabling HTTP3 was straightforward.
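To confirm the result of these steps on a given machine, the following added example (not code from Debian or the curl project) parses the text printed by curl --version and reports the TLS backend and whether HTTP3 is compiled in. The function names and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect `curl --version` text for the TLS backend and HTTP3.
# Both samples are constructed; the version strings are placeholders.
SAMPLE_GNUTLS='curl 8.x.x (x86_64-pc-linux-gnu) libcurl/8.x.x GnuTLS/3.x.x zlib/1.x nghttp2/1.x ngtcp2/1.x nghttp3/1.x
Protocols: dict file ftp ftps http https
Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 SSL'
SAMPLE_OPENSSL='curl 8.x.x (x86_64-pc-linux-gnu) libcurl/8.x.x OpenSSL/3.x.x zlib/1.x nghttp2/1.x
Protocols: dict file ftp ftps http https
Features: alt-svc AsynchDNS HSTS HTTP2 HTTPS-proxy IPv6 SSL'

# Print the TLS library named on the first line (name/version tokens).
tls_backend() {
    printf '%s\n' "$1" | head -n 1 | tr ' ' '\n' |
        grep -E '^(GnuTLS|OpenSSL|LibreSSL|quictls|wolfSSL|mbedTLS)/' |
        head -n 1 | cut -d/ -f1
}

# Succeed only if HTTP3 is an exact token on the Features line.
has_http3() {
    printf '%s\n' "$1" | grep '^Features:' | tr ' ' '\n' | grep -qx 'HTTP3'
}

# One-line verdict; non-zero exit status when HTTP3 is missing.
check_curl() {
    backend=$(tls_backend "$1")
    if has_http3 "$1"; then
        echo "ok: HTTP3 enabled, TLS backend ${backend:-unknown}"
    else
        echo "missing: no HTTP3 feature, TLS backend ${backend:-unknown}"
        return 1
    fi
}

check_curl "$SAMPLE_GNUTLS"
check_curl "$SAMPLE_OPENSSL" || true
# On a real system: check_curl "$(curl --version)"
```

A passing check only shows that the binary can speak HTTP3. The --http3-only flag then makes a request fail instead of falling back to an older HTTP version, which is why it suits testing.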
Ensuring Stability
To avoid breaking users' environments, the following steps were taken:
- No Direct Push to Stable: The change will not be pushed to current stable releases. It will be present in the next stable release (13/trixie).
- Risk Analysis: Assess the risk of losing functionality limited to the OpenSSL backend. The only significant feature potentially affected is the experimental Encrypted Client Hello (ECH), which is not yet supported by standard OpenSSL.
- CI Testing: The CI tests for all packages depending on curl are running to ensure no breakages. Results are compared against the pre-change curl CLI with OpenSSL.
If no issues arise, curl with HTTP3 support will migrate to Debian Testing in a couple of days (approximately 5 days). If problems are found, they will be addressed before migration, which is expected to take less than a month.
Conclusion
The inclusion of HTTP3 in Debian's curl is a significant step forward. It enhances the performance and capabilities of curl, aligning with the latest web standards. Even though this upgrade is complex, the Debian developers carefully managed it to ensure stability and reliability for all users.