HTTP/3 QUIC Protocol NEEDS to Change, how to Disable it
This has been an ongoing discussion among administrators ever since Google started using the HTTP/3 QUIC protocol. What is HTTP/3 QUIC? It is now a hidden UDP gateway that encrypts traffic directly to a Google service. The problem is that administrators cannot see any network information in netstat (on Windows, Linux, Android or iOS) for what the protocol is connected to. This is beyond bad: if you are using any type of VPN (enterprise or other), you have no idea what connections are going through the HTTP/3 QUIC protocol. I am pretty sure virus and malware creators will be jumping onto this protocol, as traffic is next to impossible to track (unless you are an enterprise with hardware connection checking); even with checking, you do not know what the protocol is connecting to. A lot of other services have started to use the protocol.
Google changed the protocol from using outgoing UDP 443 to creating its own ‘hidden’ gateway. In netstat, during the use of the protocol, every connection is a separate hidden gateway (there is no way of seeing IP data), whereas with normal TCP and UDP connections you see every connection, with IP data for each one. Netstat was meant for this type of checking: admins and users rely on it to look for virus / malware connections and for application firewalling. In Linux, anything involving networking and gateways normally requires root privileges (I will be pushing for Debian to block this protocol); this gateway creation does not, for some reason. Why has Google designed it this way? Because they want to hide the gateway information and what is going through it; there is no other logical answer. Organizations need to block this protocol completely.
Another thing I do not get with browser creators: why are you force-enabling ‘Experimental Protocols’ by default? You are giving one company a protocol and auto-enabling it without questioning it.
How to Disable HTTP/3 QUIC
As this protocol is built into most browsers, you have to disable it in every browser profile, for whatever browser you are using.
Google Chrome
In the browser address bar, type chrome://flags. Disable the Experimental QUIC protocol option.
Microsoft Edge
In the browser address bar, type edge://flags/. Disable the Experimental QUIC protocol option.
Mozilla Firefox
In the browser address bar, type: about:config. Search for and disable network.http.http3.enable
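Because the setting has to be repeated for every profile, the Firefox step can be scripted. The following is an added example, not part of the original post: it reads profiles.ini and pins network.http.http3.enable to false in each profile's user.js, which Firefox applies at startup. The function names and the constructed profile tree in demo() are assumptions for illustration; the caller supplies the real Firefox directory (for example ~/.mozilla/firefox on Linux).

```python
import configparser
import re
import tempfile
from pathlib import Path

PREF = "network.http.http3.enable"  # preference name from the Firefox step above
PREF_LINE = f'user_pref("{PREF}", false);'
PREF_RE = re.compile(r'^[ \t]*user_pref\(\s*"' + re.escape(PREF) + r'"\s*,.*\);[ \t]*$', re.M)


def profile_dirs(firefox_root: Path) -> list[Path]:
    """Profile directories listed in profiles.ini under firefox_root."""
    ini = configparser.ConfigParser(interpolation=None)
    ini.read(firefox_root / "profiles.ini", encoding="utf-8")
    dirs = []
    for name in ini.sections():
        path = ini.get(name, "Path", fallback=None)
        if not name.startswith("Profile") or not path:
            continue  # [General] and [Install...] sections carry no profile path
        # An absolute Path= (IsRelative=0) replaces the root when joined by pathlib.
        dirs.append(firefox_root / path)
    return dirs


def disable_http3(profile: Path) -> bool:
    """Pin the pref to false in the profile's user.js; True if the file changed."""
    user_js = profile / "user.js"
    text = user_js.read_text(encoding="utf-8") if user_js.exists() else ""
    if PREF_RE.search(text):
        new = PREF_RE.sub(PREF_LINE, text)  # overwrite an existing true/false entry
    else:
        new = text + ("\n" if text and not text.endswith("\n") else "") + PREF_LINE + "\n"
    if new != text:
        user_js.write_text(new, encoding="utf-8")
    return new != text


def demo() -> dict[str, str]:
    """Apply the setting to a constructed profile tree, not a real Firefox install."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "profiles.ini").write_text(
            "[General]\nStartWithLastProfile=1\n[Profile0]\nPath=Profiles/abc.default\n"
            "[Profile1]\nIsRelative=1\nPath=Profiles/xyz.work\n")
        for p in profile_dirs(root):
            p.mkdir(parents=True)
        (root / "Profiles/xyz.work/user.js").write_text(f'user_pref("{PREF}", true);\n')
        for p in profile_dirs(root):
            disable_http3(p)
        return {p.name: (p / "user.js").read_text() for p in profile_dirs(root)}
```

Running disable_http3 a second time on the same profile returns False and leaves user.js untouched, so the script is safe to repeat from a login script or configuration-management job.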
Opera
In the browser address bar, type: opera://flags/#enable-quic. From the Experimental QUIC protocol drop-down list, select Disabled.