QUIC Protocol
We all know about TCP and UDP. They’ve been around for a long time and are well understood. QUIC is a new(ish) protocol: although it has been around for nearly a decade now, it is gaining more and more traction across the world. Initially created by Google, it adds security and speed to HTTP traffic by essentially extending UDP.
We know that TCP uses a SYN > SYN/ACK > ACK handshake between client and server. If the connection is encrypted, then you are adding the TLS handshake to the end of that. QUIC includes the TLS 1.2 or 1.3 handshake as part of the initial process. When the client opens a connection, the data needed to encrypt the connection is also included. This removes the need for an initial unencrypted connection which could be hijacked.
QUIC packets are individually encrypted, and since the protocol is built on UDP, it’s much faster. For example, switching between networks no longer waits for a TCP timeout. This means error control needs to be handled further up the stack. Since QUIC can be implemented at the application layer, the kernel doesn’t need to be updated. We see it being implemented in the browser, which is also becoming the default window for many business applications in the modern office. QUIC should help in securing that too.
Have a look at the protocol, as your firewall may not support it. QUIC can be thought of as UDP over 443, so traffic will be invisible and not inspected unless your firewalls, proxies etc. know about it. This matters if, for example, you are doing traffic inspection or SSL decrypt/re-encrypt.
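To check whether your own tooling can at least recognise this traffic, here is an added example (not part of the original post): a small Python parser for the QUIC long header, as laid out in RFC 8999 and RFC 9000, that flags a version 1 Initial packet arriving on UDP port 443. The function names and the sample payloads are constructed for illustration.

```python
import struct

QUIC_V1 = 0x00000001  # version number assigned by RFC 9000
V1_LONG_TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}


def parse_quic_long_header(payload: bytes):
    """Parse the version-independent QUIC long header (RFC 8999).

    Returns a dict, or None when the UDP payload is truncated, malformed,
    or uses the short header form (which carries no version field).
    """
    if len(payload) < 7 or not payload[0] & 0x80:  # 0x80 = long header form
        return None
    version = struct.unpack_from("!I", payload, 1)[0]
    pos, cids = 5, []
    for _ in range(2):  # destination connection ID, then source connection ID
        if pos >= len(payload):
            return None
        cid_len = payload[pos]
        pos += 1
        if pos + cid_len > len(payload):
            return None
        cids.append(payload[pos:pos + cid_len])
        pos += cid_len
    if version == 0:
        kind = "Version Negotiation"
    elif version == QUIC_V1:
        if any(len(cid) > 20 for cid in cids):  # v1 caps connection IDs at 20 bytes
            return None
        kind = V1_LONG_TYPES[(payload[0] & 0x30) >> 4]
    else:
        kind = "unknown version"
    return {"version": version, "type": kind, "dcid": cids[0], "scid": cids[1]}


def is_quic_initial(dst_port: int, payload: bytes) -> bool:
    """True for a QUIC v1 Initial on UDP/443; clients pad these to >= 1200 bytes."""
    hdr = parse_quic_long_header(payload)
    return bool(hdr) and dst_port == 443 and hdr["type"] == "Initial" and len(payload) >= 1200


# Constructed sample payloads (not captured traffic).
SAMPLE_INITIAL = bytes([0xC3]) + QUIC_V1.to_bytes(4, "big") + bytes([8]) + bytes(range(8)) + bytes([0]) + bytes(1185)
SAMPLE_SHORT = bytes([0x40]) + bytes(30)  # short header form: no version to read

if __name__ == "__main__":
    print(parse_quic_long_header(SAMPLE_INITIAL)["type"], is_quic_initial(443, SAMPLE_INITIAL))
    print(parse_quic_long_header(SAMPLE_SHORT))
```

Only the long header is recognisable this way; once the handshake completes, packets use the short header and everything past the connection ID is encrypted, so classification has to happen on the first flight.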