H2O is a new generation HTTP server that provides quicker response to users with less CPU, memory bandwidth utilization when compared to older generation of web servers. Designed from ground-up, the server implements of HTTP/2 and HTTP/3 taking the advantages of features including new and old content prioritization schemes, server push, 103 Early Hints, promising outstanding experience to the visitors of the web site.
Key Features
- HTTP/1.0, HTTP/1.1
- HTTP/2
- full support for dependency and weight-based prioritization with server-side tweaks
- cache-aware server push
- HTTP/3
- full support for Extensible Priorities (RFC 9218)
- fusion AES-GCM engine for fast QUIC packet generation
- TCP
- TCP Fast Open
- low latency tweaks
- TLS
- session resumption (standalone & memcached)
- session tickets with automatic key rollover
- automatic OCSP stapling
- forward secrecy
- zerocopy and hardware crypto offloading
- private key protection using privilege separation with support for Intel QuickAssist Technology
- static file serving
- FastCGI
- reverse proxy
- scriptable using mruby (Rack-based)
- graceful restart and self-upgrade
- BPF-based tracing tool (experimental)
News
- Due to a security vulnerability, users using h2o as a reverse proxy are advised to update immediately CVE-2023-30847 (Apr 27 2023)
- Version 2.2.6, 2.3.0-beta1 has been released with a vulnerability fix #2090 (Aug 13 2019)
- Version 2.3.0-beta1 has been released (Jun 2 2018)
- Version 2.2.5 has been released with a vulnerability fix #1775 (Jun 1 2018)
- Version 2.2.4 has been released with two vulnerability fixes #1543 and #1544 (Dec 15 2017)
- Version 2.2.3 has been released with two vulnerability fixes #1459 and #1460 (Oct 19 2017)
List of all the vulnerabilities having been fixed can be found here.