HTTP/2 & TLSv1.3: 2019 adoption & review of specs

HTTP/2 and TLSv1.3 specifications come with many new improvements to standard protocols that are core to all we do on the internet.

Knowing the benefits of these improvements, as well as how and when to take advantage of them can help drive development and architecture implementation decisions for the better.

HTTP/2 Highlights

• Current adoption 33.1% (as of 2019/02/02) cited from: https://w3techs.com/technologies/details/ce-http2/all/all
• All requests on connection share the same stream which removes the Head Of Line problem with HTTP/1.1
• Headers are compressed with references to header (this includes those large cookies that can crash Angular apps)
• Header compression format used: https://http2.github.io/http2-spec/compression.html
• Requires encryption

TLSv1.3 Highlights

Current adoption 0.06% (as of 2017/12/26) cited from: https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/

Separates key agreement and authentication algorithms from cipher suites

Removes support for weak, lesser-used elliptic curves

### Added features: 
- Full handshake signature  
- Downgrade protection  
- Abbreviated resumption with optional (EC)DHE  
- Curve 25519 and 448  

### Removed features:  
- Static RSA handshake  
- CBC MtE modes  
- RC4  
- SHA1, MD5  
- Compression  
- Renegotiation