Safari doesn’t default to HTTP/3 running over QUIC, it uses HTTP/2 instead

[hyperbolic]

I was under the impression that in iOS 16, Safari will default to using HTTP/3 running over QUIC when connecting to websites, and it will only downgrade to HTTP/2 if the given website does not support HTTP/3. Not all websites support HTTP/3 + QUIC, but certainly the “big ones” do.

Now, it turns out that I’m using Private Relay (PR), so it’s possible that my end to end website connections are indeed using HTTP/3 running over QUIC, but for some reason when you hit an HTTP/3 test website, PR causes the test website to incorrectly report that your browser is using HTTP/2? Can any developers confirm this?

Try as a test:

https://cloudflare-quic.com/

If it’s true that Safari in iOS 16.4.1 is not using HTTP/3 for websites that support it, that would be disappointing. I think(?) Apple definitely mentioned HTTP/3 running over QUIC would be the preferred default, and HTTP/2 would only be used if it’s impossible to use HTTP/3 in a given situation. There are important security and performance benefits to using HTTP/3 running over QUIC.

—>> I really should try some tests with PR turned off, don’t have time now, but will test later and report back.

 

[hyperbolic]

Nope… Just tried testing with Private Relay turned off, and Safari is still using HTTP/2, even on a website that clearly supports HTTP/3 running over QUIC: the Cloudflare HTTP/3 + QUIC test page itself! Lol.

Why is Safari not using HTTP/3?? I have not modified any of the experimental settings in Safari, so that’s not the answer. This seems to truly be a bug, and one I hope apple fixes asap.

Here’s the link for anyone who wants to test for themselves:

https://cloudflare-quic.com/

Thanks.

 

[Nermal]

You're going to love this... that Cloudflare page uses HTTP/3 on my 2022 SE with OS 16.4.1a. I don't use Private Relay.

Edit: It uses HTTP/3 on 4G. When I switch to Wi-Fi it uses HTTP/2... but I'm at work, so it might very well be a corporate firewall that's causing the downgrade here.

 

[hyperbolic]

You're going to love this... that Cloudflare page uses HTTP/3 on my 2022 SE with OS 16.4.1a. I don't use Private Relay.

Edit: It uses HTTP/3 on 4G. When I switch to Wi-Fi it uses HTTP/2... but I'm at work, so it might very well be a corporate firewall that's causing the downgrade here.

Ahhh, you make a very clever suggestion. I’m behind a standard cable modem that supplies the WiFi and who knows what kind of firewall they use (don’t ever go with Xfinity — I’m moving off it this month).

Going to test 4G/LTE now. One moment…

Welp, it’s “almost” as bad as it can be.

1. Safari uses HTTP/2 if you’re on WiFi, but this may be due to how your cable modem is configured. HTTP/2 is used regardless of whether or not Private Relay is turned on (maybe someone can test using a VPN — I don’t have one installed atm).

2. If you turn off WiFi and kick on the cell & 4G/LTE….

• IFF you have Private Relay running, Safari uses HTTP/2 (that’s just great. Lol. I can’t believe Apple didn’t catch this routine bug in testing — where’s the QA on this)?

• IFF you turn Private Relay OFF (and no VPN either), then YES, Safari uses HTTP/3… and since HTTP/3 is apparently built to run on top of QUIC, then I assume QUIC is being employed as well.

It’s not all bad news, though. . In all cases, Apple uses TLS v1.3 (as opposed to 1.2), so that’s good news.

Here are two more links you can use to test if your Safari app is using HTTP/3:

https://cloudflare.com/cdn-cgi/trace

https://browserleaks.com/ip

If anyone has better luck or a way to “fix” these situations, please let us know. Thanks!

 

[Nermal]

I'm home now, and the same phone on my home Wi-Fi uses HTTP/3. Meanwhile Safari 16.4.1 under MacOS 12.6.5 uses HTTP/2 on the same Internet connection.

 

[jetsam]

I was under the impression that in iOS 16, Safari will default to using HTTP/3 running over QUIC when connecting to websites, and it will only downgrade to HTTP/2 if the given website does not support HTTP/3. Not all websites support HTTP/3 + QUIC, but certainly the “big ones” do.

Now, it turns out that I’m using Private Relay (PR), so it’s possible that my end to end website connections are indeed using HTTP/3 running over QUIC, but for some reason when you hit an HTTP/3 test website, PR causes the test website to incorrectly report that your browser is using HTTP/2? Can any developers confirm this?

Try as a test:

https://cloudflare-quic.com/

If it’s true that Safari in iOS 16.4.1 is not using HTTP/3 for websites that support it, that would be disappointing. I think(?) Apple definitely mentioned HTTP/3 running over QUIC would be the preferred default, and HTTP/2 would only be used if it’s impossible to use HTTP/3 in a given situation. There are important security and performance benefits to using HTTP/3 running over QUIC.

—>> I really should try some tests with PR turned off, don’t have time now, but will test later and report back.

To further muddy the waters:

On my home Wi-Fi, with PR on, iPhone Safari uses HTTP/2 for that cloudflare test page.
Yesterday I was at my doctor's office, on their Wi-Fi. I changed nothing, other than the Wi-Fi network I was using. I went into Mobile Safari, and that test page was still showing. I reloaded the page, and, voila! HTTP/3.