H2O is a new generation HTTP server that provides quicker response to users with less CPU utilization when compared to older generation of web servers. Designed from ground-up, the server takes full advantage of HTTP/2 features including prioritized content serving and server push, promising outstanding experience to the visitors of your web site.
Explanation of the benchmark charts can be found in the benchmarks page.
Key Features
- HTTP/1.0, HTTP/1.1
- HTTP/2
- full support for dependency and weight-based prioritization with server-side tweaks
- cache-aware server push
- TCP Fast Open
- TLS
- session resumption (standalone & memcached)
- session tickets with automatic key rollover
- automatic OCSP stapling
- forward secrecy & fast AEAD ciphers1
- private key protection using privilege separation
- static file serving
- FastCGI
- reverse proxy
- scriptable using mruby (Rack-based)
- graceful restart and self-upgrade
- BPF-based tracing tool (experimental)
News
- Due to a security vulnerability, users using h2o as a reverse proxy are advised to update immediately CVE-2023-30847 (Apr 27 2023)
- Version 2.2.6, 2.3.0-beta1 has been released with a vulnerability fix #2090 (Aug 13 2019)
- Version 2.3.0-beta1 has been released (Jun 2 2018)
- Version 2.2.5 has been released with a vulnerability fix #1775 (Jun 1 2018)
- Version 2.2.4 has been released with two vulnerability fixes #1543 and #1544 (Dec 15 2017)
- Version 2.2.3 has been released with two vulnerability fixes #1459 and #1460 (Oct 19 2017)
List of all the vulnerabilities having been fixed can be found here.
Notes:
- chacha20-poly1305: see Do the ChaCha: better mobile performance with cryptography