H2O is a new generation HTTP server that provides quicker response to users with less CPU utilization when compared to older generation of web servers. Designed from ground-up, the server takes full advantage of HTTP/2 features including prioritized content serving and server push, promising outstanding experience to the visitors of your web site.
Key Features
- HTTP/1.0, HTTP/1.1
- HTTP/2
- full support for dependency and weight-based prioritization with server-side tweaks
- cache-aware server push
- TCP Fast Open
- TLS
- session resumption (standalone & memcached)
- session tickets with automatic key rollover
- automatic OCSP stapling
- forward secrecy & fast AEAD ciphers1
- private key protection using privilege separation
- static file serving
- FastCGI
- reverse proxy
- scriptable using mruby (Rack-based)
- graceful restart and self-upgrade
- BPF-based tracing tool (experimental)
News
- Due to a security vulnerability, users using h2o as a reverse proxy are advised to update immediately CVE-2023-30847 (Apr 27 2023)
- Version 2.2.6, 2.3.0-beta1 has been released with a vulnerability fix #2090 (Aug 13 2019)
- Version 2.3.0-beta1 has been released (Jun 2 2018)
- Version 2.2.5 has been released with a vulnerability fix #1775 (Jun 1 2018)
- Version 2.2.4 has been released with two vulnerability fixes #1543 and #1544 (Dec 15 2017)
- Version 2.2.3 has been released with two vulnerability fixes #1459 and #1460 (Oct 19 2017)
List of all the vulnerabilities having been fixed can be found here.
Notes:
- chacha20-poly1305: see Do the ChaCha: better mobile performance with cryptography