SPDY - without TLS?

Question

I'm trying to implement SPDY (with Node.js) for use on a high latency connection.

Now SPDY uses TLS encryption and this would increase the packet length - something I'm trying to avoid.

Is there such thing as a SPDY implementation without the TLS encryption?

Many thanks in advance,

Answer 1

SPDY's framing layer does not need to run over TLS, but for deployment reasons, it almost always does. It's hard to reliably deploy without running encrypted over port 443, because of intermediaries. Note the SPDY whitepaper says: "To make SSL the underlying transport protocol, for better security and compatibility with existing network infrastructure. Although SSL does introduce a latency penalty, we believe that the long-term future of the web depends on a secure network connection. In addition, the use of SSL is necessary to ensure that communication across existing proxies is not broken."

That said, the C++ Flip server in the Chromium repository does support running without SSL, and the Chromium browser can be configured to support this.

PS: There's also an existing node.js implementation, see http://www.chromium.org/spdy.

Answer 2

If you want to test your SPDY server locally and without TLS, you can force chrome to use SPDY even without the NPN upgrade. To do so, pass --use-spdy=no-ssl to Chrome when you load it up.

You can confirm that the flag is registered by opening chrome://net-internals/#spdy and checking in there.