Your IP: Unknown · Your Status: Unprotected Protected
Blog In Depth

This is what you need to know about the new QUIC protocol

Sep 30, 2020 · 4 min read

This is what you need to know about the new QUIC protocol

Take the best of the Transmission Control Protocol (TCP), add the security of TLS encryption, and then make them establish a connection and transfer data 3 times faster. If you think that’s impossible, you haven’t heard of QUIC. Can any internet protocol be that perfect? Find out more about QUIC below.

What is QUIC?

QUIC (Quick UDP Internet Connection) is a new encrypted transport layer network protocol. QUIC was designed to make HTTP traffic more secure, efficient, and faster. Theoretically, QUIC has taken all the best qualities of TCP connections and TLS encryption and implemented it on UDP. But if QUIC is so similar to TCP+TLS over an HTTP/2 connection, why did it need to be created?

What is QUIC protocol used for?

QUIC is a low-latency transportation protocol often used for apps and services that require speedy online service. This kind of protocol is a necessity for gamers, streamers, or anyone who relies on VoIP in their day-to-day life. Here are the changes QUIC brings to an online session:

  1. Reduced connection times. To establish TLS encryption, the client and the server need to perform a TLS handshake and exchange encryption keys. It’s a “lengthy” process in IT terms, as there are 4 round-trip requests involved. When the data is transferred over TCP, even more steps are added to this process, slowing down the connection even more. QUIC replaces all of this with a single handshake.
  2. Better performance when data packets are lost. HTTP/2 on TCP can suffer from head-of-line blocking, a phenomenon where a line of data packets can be held up by the first packet. If one data packet is lost, the recipient must wait for it to be retrieved, which has a huge impact on connection performance. The QUIC protocol solves this problem by allowing streams of data to reach their destination independently. They no longer need to wait for the missing data packet to be repaired.
  3. Stable connections when networks are changed. If you are connected to a web server via TCP and your network suddenly changes (from Wi-Fi to 4G, for example), each connection times out and needs to be reestablished. QUIC allows for a smoother transition by giving each connection to a web server a unique identifier. These can be reestablished by simply sending a packet rather than establishing a new connection, even if your IP changes.
  4. Easier to improve and develop. TCP is implemented in operating system kernels, which means changing it is close to impossible. QUIC can be implemented on the application level, making it a more flexible protocol.

What apps use QUIC?

Google has been pushing for widespread QUIC integration since its genesis in the early 2010s. While the protocol is technically still experimental and in its draft phase, Google already uses it in its Chrome browser. Any connection to a Google server is established via QUIC. As to be expected, everything under Google’s umbrella uses QUIC. YouTube, Blogger, Hangouts – they’re all QUIC-based.

QUIC has also been adopted by businesses that rely on a stable, fast connection for their service to be viable. Uber, for example, uses QUIC for their mobile apps. They rely on short bursts of latency-reliant data transfers – something that QUIC can help with. Less packet loss means a more efficient app.

How quick is QUIC?

Is QUIC really worth choosing over the standard TCP/IP connection we’ve relied on for so long? In a world where speed dictates success, QUIC is soon to have a much larger presence online. With Google announcing that, on average, QUIC searches are one second faster than TCP searches, the age of QUIC may come quicker than we think.

QUIC relies on multiplexing — this is what gives it an edge over TCP. Where TCP uses a single end-to-end connection point, QUIC establishes multiple connections between 2 endpoints. If one of the streams of information is interrupted, either by shoddy connection or other outside interference, the multiple connection points will allow the streams of information to continue. If a website uses TCP and the connection is disrupted, the data in the packet midway between endpoints will now hold up the rest of the information This head-of-line blocking has been an issue for decades, and QUIC solves it.

If you want to get into the nitty-gritty of which protocol performs more efficiently — TCP or QUIC — have a look at a test run here. The results show that, in the right situation and under the right circumstances, QUIC performs marginally better. However, we need to remember that TCP has been in use and has worked for decades. QUIC has been used for not even half the amount of time that TCP has been prevalent. Knowing Google’s resources and the fact that QUIC can be implemented on an application level instead of an operating system level like TCP, QUIC may just start to outstrip its competition very soon.

Is QUIC as flawless as it seems?

There are few downsides to the QUIC protocol. It improves web communications and reduces latency, but it’s still in its experimental stages. It’s not widely adopted by other websites or web servers, nor is it supported by cybersecurity tools such as firewalls. Because of this, experimental QUIC protocol can currently open a security loophole.

Firewalls pass HTTP and HTTPS traffic through a web protection module, which performs malware scanning. But what happens if the connection is made via QUIC? Well, the browser and supporting web servers do recognize it as a QUIC connection, but the device you are browsing on may not. It treats it like simple UDP traffic, which doesn’t get sent to your firewall’s web protection module.

What can you do?

Until it’s adopted more widely and recognized by most firewalls, it’s recommended to block or disable QUIC:

  1. Open your Chrome browser and enter chrome://flags/ into your address bar. Here you’ll see all experimental features available on Chrome.
  2. Find Experimental QUIC protocol and select Disabled.

For more cybersecurity tips, subscribe to our free monthly newsletter below!


Emily Green
Emily Green successVerified author

Emily Green is a content writer who loves to investigate the latest internet privacy and security news. She thrives on looking for solutions to problems and sharing her knowledge with NordVPN readers and customers.


Subscribe to NordVPN blog