HTTP/3 is everywhere but nowhere

Original Article ↗ Hacker News Discussion ↗

Status of .NET/C# and Cross‑Platform Support

  • Several commenters note .NET already has solid QUIC/HTTP/3 via msquic and modern cross‑platform .NET, arguing it’s unfairly excluded from “major languages.”
  • Debate over whether .NET is truly cross‑platform like Go: JIT and self‑contained builds can target other OSes easily, but true cross‑OS native AOT is still limited.
  • Linux support sparks arguments: some say .NET is poorly integrated into major distros and Windows‑first; others counter that current distros ship dotnet packages and that multiple cross‑platform GUI stacks exist.
  • Perception and Microsoft’s history (lock‑in, security, closed bits like vsdbg) are seen as major reasons .NET is culturally underrated.

Why HTTP/3 Support Lags

  • QUIC/HTTP‑3 are considered complex, pushing logic into user space and depending heavily on TLS libraries; OpenSSL’s slow QUIC API story is repeatedly blamed.
  • Many languages’ stdlibs (Go, Python, Rust, Node, Ruby, Java) don’t ship HTTP/3, and core teams are conservative about exposing unstable APIs.
  • Reverse proxies and CDNs terminate HTTP/3 at the edge and speak HTTP/1.1 or 2 to backends, so app frameworks feel little pressure to add native HTTP/3.
  • Maintainers of OSS stacks prioritize stability and simplicity; HTTP/3 is viewed as extra surface area and debugging burden with marginal gains for most apps.

Servers, Proxies, and Libraries

  • nginx is criticized for still lacking production‑ready HTTP/3; HAProxy, Caddy, Envoy, Traefik, and .NET’s YARP are cited as working alternatives.
  • CDNs (Cloudflare, Akamai, Fastly) widely support HTTP/3 to clients but often only HTTP/1.1 or 2 to origins.
  • On clients: curl has experimental HTTP/3; Python’s popular requests library is intentionally frozen without HTTP/2/3 or async; newer Python and Rust libraries (niquests, quiche, quinn, h3, s2n‑quic) are emerging but not yet dominant.

Performance, Use Cases, and Skepticism

  • Supporters say HTTP/3 shines on high‑latency, lossy, mobile connections and multiplexed workloads; some report real p95/p99 latency wins in production.
  • Critics point to research showing significantly worse throughput than HTTP/2 on fast links and higher CPU cost; they argue HTTP/3 mainly benefits hyperscalers, ads, and very large global systems.
  • Many small sites or server‑to‑server deployments see negligible user‑visible benefits; some explicitly stick to HTTP/1.1 or 2 for simplicity.

Security, Privacy, and Ecosystem Effects

  • Moving transport logic out of the kernel raises worries about more vulnerable code paths; others call per‑app TLS stacks “lunacy” and wish for shared system crypto.
  • HTTP/3/TLS versions are already used in fingerprinting and bot detection; people report Cloudflare‑style CAPTCHAs and blocking of non‑mainstream browsers, fueling concern that lack of HTTP/3 will become another gatekeeping signal.
  • Several draw parallels to IPv6: corporate‑driven, technically sound in some respects, but slow, uneven rollout and limited visible benefit for many developers.