HTTP/3 (QUIC)
Learning Focus
By the end of this lesson you will understand what HTTP/3 offers, when to enable it, and the firewall requirements for QUIC.
What HTTP/3 Changes
HTTP/3 replaces TCP with QUIC (UDP-based transport), eliminating TCP head-of-line blocking and reducing connection setup time.
| Feature | HTTP/2 (TCP) | HTTP/3 (QUIC) |
|---|---|---|
| Transport | TCP | UDP |
| Handshake | TCP + TLS (2 round trips) | 1 round trip (0-RTT possible) |
| Head-of-line blocking | Per connection | Per stream (eliminated) |
| Best for | Standard networks | Lossy networks, mobile users |
Enabling HTTP/3
- In WebAdmin, go to Listeners → SSL listener → SSL tab
- Set Enable HTTP/3 (QUIC) to Yes
- Save and Graceful Restart
Firewall Requirement
```bash
# HTTP/3 uses UDP port 443 — you MUST open it
sudo ufw allow 443/udp

# Verify both TCP and UDP are open
sudo ufw status | grep 443
# Expected:
# 443/tcp ALLOW Anywhere
# 443/udp ALLOW Anywhere
```
Warning: If your firewall blocks UDP 443, HTTP/3 will silently fail and browsers will fall back to HTTP/2. Always open UDP 443 when enabling HTTP/3.
Verifying HTTP/3
```bash
# Using curl with HTTP/3 support (curl 7.66+ with QUIC)
curl --http3 -sI https://example.com | head -1
# Expected: HTTP/3 200

# Check Alt-Svc header (browsers use this to discover HTTP/3)
curl -sI https://example.com | grep -i "alt-svc"
# Expected: alt-svc: h3=":443"; ma=86400
```
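Because a blocked UDP port fails silently, it helps to cross-check the port the server advertises in Alt-Svc against the firewall rules. The script below is an added example, not part of the original lesson; it generalizes to any advertised port rather than only 443. The function names (`h3_port`, `udp_allowed`, `check_h3`) are hypothetical, the sample inputs are constructed, and it assumes the plain `ufw status` layout shown in the Firewall Requirement section.

```bash
# Added example: does the firewall allow the UDP port that Alt-Svc advertises for h3?

# Print the port advertised for "h3" in an Alt-Svc header line (empty if none).
h3_port() {
  printf '%s\n' "$1" | tr -d '\r' | tr 'A-Z' 'a-z' |
    sed 's/^alt-svc:[[:space:]]*//' | tr ',' '\n' |
    sed -n 's/^[[:space:]]*h3="[^"]*:\([0-9][0-9]*\)".*/\1/p' | head -n 1
}

# Succeed if `ufw status` text ($2) has an ALLOW rule covering UDP on port $1.
# A rule without a protocol suffix (e.g. "443") covers both TCP and UDP.
udp_allowed() {
  printf '%s\n' "$2" | grep -Eq "^$1(/udp)?( \(v6\))?[[:space:]]+ALLOW"
}

# $1 = Alt-Svc header line, $2 = `ufw status` output.
# Prints ok:<port>, udp-blocked:<port>, or no-h3-advertised.
check_h3() {
  port=$(h3_port "$1")
  if [ -z "$port" ]; then
    echo "no-h3-advertised"; return 1
  fi
  if udp_allowed "$port" "$2"; then
    echo "ok:$port"
  else
    echo "udp-blocked:$port"; return 2
  fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_ALT_SVC='alt-svc: h3=":443"; ma=86400'
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       Anywhere
443/udp                    ALLOW       Anywhere'

check_h3 "$SAMPLE_ALT_SVC" "$SAMPLE_UFW"

# Live use on the server itself:
#   check_h3 "$(curl -sI https://example.com | grep -i '^alt-svc')" "$(sudo ufw status)"
```

A result of `udp-blocked:<port>` means browsers will see the Alt-Svc advertisement but stay on HTTP/2 because the QUIC packets never arrive.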
Key Takeaways
- HTTP/3 uses QUIC (UDP) to reduce latency, especially on lossy networks.
- Enable it only after confirming firewall and upstream network support for UDP 443.
- Browsers fall back to HTTP/2 gracefully if HTTP/3 is unavailable.
What's Next
- Return to the Performance Optimization module for the complete overview.