H2O is a new generation HTTP server that provides quicker response to users with less CPU, memory bandwidth utilization when compared to older generation of web servers. Designed from ground-up, the server implements of HTTP/2 and HTTP/3 taking the advantages of features including new and old content prioritization schemes, server push, 103 Early Hints, promising outstanding experience to the visitors of the web site.
Explanation of the benchmark charts can be found in the benchmarks page.
Key Features
- HTTP/1.0, HTTP/1.1
- HTTP/2
- full support for dependency and weight-based prioritization with server-side tweaks
- cache-aware server push
- HTTP/3
- full support for Extensible Priorities (RFC 9218)
- fusion AES-GCM engine for fast QUIC packet generation
- TCP
- TCP Fast Open
- low latency tweaks
- TLS
- session resumption (standalone & memcached)
- session tickets with automatic key rollover
- automatic OCSP stapling
- forward secrecy
- zerocopy and hardware crypto offloading
- private key protection using privilege separation with support for Intel QuickAssist Technology
- static file serving
- FastCGI
- reverse proxy
- scriptable using mruby (Rack-based)
- graceful restart and self-upgrade
- BPF-based tracing tool (experimental)
News
- Due to a security vulnerability, users using h2o as a reverse proxy are advised to update immediately CVE-2023-30847 (Apr 27 2023)
- Version 2.2.6, 2.3.0-beta1 has been released with a vulnerability fix #2090 (Aug 13 2019)
- Version 2.3.0-beta1 has been released (Jun 2 2018)
- Version 2.2.5 has been released with a vulnerability fix #1775 (Jun 1 2018)
- Version 2.2.4 has been released with two vulnerability fixes #1543 and #1544 (Dec 15 2017)
- Version 2.2.3 has been released with two vulnerability fixes #1459 and #1460 (Oct 19 2017)
List of all the vulnerabilities having been fixed can be found here.