What is QUIC? Understand The Protocol
A protocol defines how data is transferred over the internet between two devices. And since protocols need to be matched between the client and the responding server, the industry has overwhelmingly relied on a few widely-adopted staples. The longest-standing protocols include TCP and UDP, each of which has been around for decades.
This changed in 2013, when Google started trialing a new approach: the QUIC protocol, which lets Google applications transmit data faster and with lower latency than traditional protocols.
How Does the QUIC Protocol Work?
QUIC is an encrypted transport protocol built on top of UDP. It’s designed to combine the speed of UDP with the security of protocols like TLS, effectively creating a fast, secure internet connection.
Unlike traditional protocols where authentication and encryption are managed by higher-layer solutions, such as TLS, QUIC integrates these features directly into the transport layer.
This makes QUIC faster and more efficient for modern web traffic.
- It works by initiating a rapid handshake process, which allows it to establish a secure connection quickly.
- Once the handshake is complete, QUIC sends multiple encrypted data streams simultaneously to the server, reducing latency and improving performance.
By embedding both authentication and encryption into the protocol itself, QUIC streamlines secure communication while maintaining the lightweight benefits of UDP.
Fast Handshake
The handshake is a crucial part of every network protocol. QUIC replaces the traditional three-way handshake used in TCP with the authentication and encryption process of the TLS 1.3 handshake.
To break it down, a typical TCP connection involves:
- The client sending a SYN packet
- The server responding with a SYN-ACK packet
- The client finalizing the connection with an ACK packet
This three-step process is required before any data can be transmitted.
QUIC avoids this separate step by operating over UDP. Because UDP itself performs no connection setup, QUIC combines connection establishment with its cryptographic handshake, so data can be sent sooner over UDP-capable links, reducing latency.
In some cases, QUIC can send data during the very first connection cycle, known as 0-RTT (zero round-trip time). This is possible when the server has cached session information from a previous connection with the client. While 0-RTT improves speed, it isn’t always the most secure option and may expose data to replay attacks if not properly handled.
Encryption
In addition to its fast handshake, QUIC introduces built-in encryption. Traditionally, over TCP, encryption was handled separately through the TLS protocol, which required its own handshake to negotiate the version and cipher suite. This handshake established the encryption algorithms and protocols that would be used for the session.
Since QUIC is built on UDP, it modifies the traditional TLS handshake to fit within its streamlined architecture. QUIC achieves this by sending a Client Hello (CHLO) wrapped in two specific components:
- An Initial packet
- A Crypto frame
This packaging allows the cryptographic handshake to be included within the very first UDP datagram that the client sends. As a result, the transport and encryption handshakes are merged into a single, efficient step. After this initial exchange, QUIC behaves much like TLS 1.3.
All subsequent communication between the client and server is encrypted using session keys from the handshake.
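To make the packaging described above concrete, here is an added example (not code from the original article or from any QUIC implementation) that parses the cleartext long header of a QUIC version 1 Initial packet and then the CRYPTO frame inside it, following the field layout in RFC 9000. The sample packet, its connection ID and the placeholder ClientHello bytes are constructed for the example; the payload is left unprotected so the frame can be read directly, whereas a real Initial payload is AEAD-protected and its packet-number bits are hidden by header protection.

```python
"""Added example: parse a QUIC v1 Initial packet header and its CRYPTO frame.
Sample data is constructed; real Initial payloads are encrypted."""
import struct

def read_varint(buf, pos):
    """QUIC variable-length integer: the top two bits of the first byte
    give the encoded length (1, 2, 4 or 8 bytes)."""
    first = buf[pos]
    length = 1 << (first >> 6)
    value = first & 0x3F
    for i in range(1, length):
        value = (value << 8) | buf[pos + i]
    return value, pos + length

def encode_varint(value):
    if value < 0x40:
        return bytes([value])
    if value < 0x4000:
        return struct.pack(">H", value | 0x4000)
    if value < 0x40000000:
        return struct.pack(">I", value | 0x80000000)
    return struct.pack(">Q", value | 0xC000000000000000)

def parse_initial_header(datagram):
    """Return the unencrypted header fields of a QUIC v1 Initial packet,
    or None if the datagram does not start with one."""
    if len(datagram) < 7:
        return None
    first = datagram[0]
    if not (first & 0x80):          # header form bit: 1 = long header
        return None
    if not (first & 0x40):          # fixed bit must be set in QUIC v1
        return None
    version = struct.unpack(">I", datagram[1:5])[0]
    if version != 1:                # 0x00000001 = QUIC version 1
        return None
    if (first & 0x30) >> 4 != 0:    # long packet type 0 = Initial
        return None
    pos = 5
    dcid_len = datagram[pos]; pos += 1
    dcid = datagram[pos:pos + dcid_len]; pos += dcid_len
    scid_len = datagram[pos]; pos += 1
    scid = datagram[pos:pos + scid_len]; pos += scid_len
    token_len, pos = read_varint(datagram, pos)
    token = datagram[pos:pos + token_len]; pos += token_len
    length, pos = read_varint(datagram, pos)   # covers packet number + payload
    return {
        "version": version, "dcid": dcid, "scid": scid, "token": token,
        "pn_length": (first & 0x03) + 1,   # hidden by header protection in real packets
        "length": length,
        "payload_start": pos,              # the packet number begins here
    }

def parse_crypto_frames(frames_bytes):
    """Walk a decrypted Initial payload and return (offset, data) for every
    CRYPTO frame (type 0x06). PADDING frames (type 0x00) are skipped."""
    out, pos = [], 0
    while pos < len(frames_bytes):
        ftype, pos = read_varint(frames_bytes, pos)
        if ftype == 0x00:
            continue
        if ftype == 0x06:
            offset, pos = read_varint(frames_bytes, pos)
            length, pos = read_varint(frames_bytes, pos)
            out.append((offset, frames_bytes[pos:pos + length]))
            pos += length
        else:
            raise ValueError(f"frame type 0x{ftype:02x} not expected in an Initial packet")
    return out

# Constructed sample values (not captured from real traffic).
SAMPLE_DCID = bytes.fromhex("8394c8f03e515708")
FAKE_CLIENT_HELLO = b"\x01\x00\x00\x04\x03\x03ok"  # placeholder standing in for a TLS ClientHello

def build_sample_initial():
    """Build a 1200-byte client Initial whose single CRYPTO frame carries the
    placeholder ClientHello; the rest is PADDING, since RFC 9000 requires the
    first client datagram to be at least 1200 bytes."""
    first_byte = bytes([0xC0])            # long header, fixed bit, type Initial, 1-byte packet number
    header = (first_byte + struct.pack(">I", 1)
              + bytes([len(SAMPLE_DCID)]) + SAMPLE_DCID
              + bytes([0])                # empty source connection ID
              + encode_varint(0))         # no retry token
    crypto = (encode_varint(0x06) + encode_varint(0)
              + encode_varint(len(FAKE_CLIENT_HELLO)) + FAKE_CLIENT_HELLO)
    packet_number = b"\x00"
    body_len = 1200 - len(header) - 2     # the Length field itself is a 2-byte varint
    assert 0x40 <= body_len < 0x4000
    padding = b"\x00" * (body_len - len(packet_number) - len(crypto))
    return header + encode_varint(body_len) + packet_number + crypto + padding

def client_hello_from_datagram(datagram):
    """Header parse, then frame parse; returns the reassembled CRYPTO data or None."""
    hdr = parse_initial_header(datagram)
    if hdr is None:
        return None
    start = hdr["payload_start"] + hdr["pn_length"]
    end = hdr["payload_start"] + hdr["length"]
    frames = parse_crypto_frames(datagram[start:end])
    return b"".join(data for _, data in sorted(frames))

if __name__ == "__main__":
    pkt = build_sample_initial()
    print(parse_initial_header(pkt))
    print(client_hello_from_datagram(pkt))
```

The header fields (version, connection IDs, token) are the only parts of an Initial packet that a passive observer such as a firewall sees without any key material; everything from the packet number onward is protected, which is why the frame parser here is only applied to a constructed unprotected payload.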
Packet Order
QUIC is built on UDP, a protocol known for its speed but not for its reliability – packets can be dropped or arrive out of order. On the other hand, TCP ensures reliability but at the cost of increased latency. In TCP, if a packet is lost on one stream, every stream multiplexed over that connection is held up until the gap is filled (head-of-line blocking).
QUIC strikes a balance between speed and reliability by organizing data into independent streams and ensuring that each stream maintains its own internal packet order.
QUIC does not, however, enforce packet order between different streams.
For example, imagine two streams – Stream A and Stream B – being transferred from a server to a client.
- Stream A: If a packet from Stream A is lost, Stream A handles the retransmission independently.
- Stream B: Stream B continues uninterrupted and can complete its transfer without being affected by the loss in Stream A.
This level of stream independence is a key improvement over previous protocols like HTTP/2, where packet loss in one stream could stall others sharing the same connection.
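The Stream A / Stream B scenario above, as an added example (not code from the original article or from a real QUIC stack): a toy receive side in which each stream reassembles its own bytes, so a lost packet stalls only the stream it belonged to, followed by the single-ordered-byte-stream behaviour of HTTP/2 over TCP for contrast. Stream IDs, chunk contents and the "lost" packet are constructed.

```python
"""Added example: per-stream reassembly (QUIC) versus one ordered byte
stream (HTTP/2 over TCP). All data is constructed."""
from dataclasses import dataclass, field

@dataclass
class StreamFrame:
    stream_id: int
    offset: int
    data: bytes

@dataclass
class ReceiveStream:
    """Receive state for one stream: only contiguous bytes are delivered."""
    stream_id: int
    next_offset: int = 0
    pending: dict = field(default_factory=dict)        # offset -> bytes waiting on a gap
    delivered: bytearray = field(default_factory=bytearray)

    def receive(self, frame):
        self.pending[frame.offset] = frame.data
        while self.next_offset in self.pending:        # deliver while contiguous
            chunk = self.pending.pop(self.next_offset)
            self.delivered += chunk
            self.next_offset += len(chunk)

    def blocked_bytes(self):
        return sum(len(d) for d in self.pending.values())

class Connection:
    """Dispatches the frames of each packet to their streams."""
    def __init__(self):
        self.streams = {}

    def receive_packet(self, frames):
        for f in frames:
            self.streams.setdefault(f.stream_id, ReceiveStream(f.stream_id)).receive(f)

    def delivered(self, stream_id):
        s = self.streams.get(stream_id)
        return bytes(s.delivered) if s else b""

    def blocked_bytes(self, stream_id):
        s = self.streams.get(stream_id)
        return s.blocked_bytes() if s else 0

A, B = 0, 4   # client-initiated bidirectional stream IDs are multiples of 4 in QUIC

def simulate_quic_loss():
    """Stream A's second packet is lost; stream B is unaffected. Returns the
    delivered bytes (A, B) and A's blocked bytes before the retransmission,
    then (A, B) after it arrives."""
    conn = Connection()
    packets = [
        [StreamFrame(A, 0, b"AAAA"), StreamFrame(B, 0, b"BBBB")],
        [StreamFrame(A, 4, b"aaaa")],                      # lost on the wire
        [StreamFrame(A, 8, b"A-A-"), StreamFrame(B, 4, b"bbbb")],
    ]
    for i, pkt in enumerate(packets):
        if i != 1:
            conn.receive_packet(pkt)
    before = (conn.delivered(A), conn.delivered(B), conn.blocked_bytes(A))
    conn.receive_packet(packets[1])                        # retransmission arrives
    after = (conn.delivered(A), conn.delivered(B))
    return before, after

def simulate_tcp_like_loss():
    """Contrast: HTTP/2 over TCP multiplexes A and B on one ordered byte
    stream, so the same loss also holds back B's later bytes."""
    single = ReceiveStream(0)
    segments = [
        StreamFrame(0, 0, b"AAAA" + b"BBBB"),
        StreamFrame(0, 8, b"aaaa"),                        # lost on the wire
        StreamFrame(0, 12, b"A-A-" + b"bbbb"),
    ]
    for i, seg in enumerate(segments):
        if i != 1:
            single.receive(seg)
    return bytes(single.delivered), single.blocked_bytes()

if __name__ == "__main__":
    print(simulate_quic_loss())       # B is fully delivered while A waits
    print(simulate_tcp_like_loss())   # B's "bbbb" is stuck behind A's gap
```

In the QUIC case Stream B is complete before Stream A's retransmission arrives; in the TCP-like case the bytes that belong to B sit in the pending buffer behind A's missing segment, which is exactly the head-of-line blocking the text describes.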
The Challenges of QUIC Protocol
Although QUIC already transports a significant portion of Google’s application data, its broader adoption across globally distributed environments remains limited.
One of the main barriers is the slow pace of change in internet infrastructure. TCP has been the dominant transport layer protocol for over 40 years and is capable of carrying virtually any type of data. While QUIC offers clear advantages, especially in reducing latency over long distances, such as intercontinental connections, its benefits are often seen as narrow in scope compared to TCP’s versatility.
Google has aggressively promoted QUIC adoption, advancing its development and integration across its services. However, this has left many enterprises scrambling to adapt to standards and trends.
As a result, QUIC implementation challenges remain considerable, particularly for organizations with complex infrastructure, legacy systems, or a lack of in-house expertise.
Risks of 0-RTT
For connections resumed from cached session data, QUIC enables data to be sent during the very first round trip, known as 0-RTT. While this approach effectively eliminates handshake latency, it introduces notable security concerns.
One major risk is the absence of a fresh cryptographic handshake. If the original connection used to cache session information was compromised, any application data sent during the resumed connection could also be exposed.
Another concern involves replay attacks. Application data sent via 0-RTT can be intercepted by an on-path attacker and replayed multiple times to the same server. In most cases, encryption helps mitigate this type of threat, but 0-RTT weakens that layer of protection by bypassing full renegotiation.
As a result, while 0-RTT offers performance benefits, it must be used cautiously, especially in scenarios involving sensitive data or high security requirements.
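As an added example of the cautious handling called for here (and in the earlier "Fast Handshake" section), not code from the original article or from any server product, the following server-side policy combines two controls against 0-RTT replay: a resumption ticket may open at most one 0-RTT flight within its lifetime, and only safe (idempotent) HTTP methods are answered from early data, while anything else is answered with HTTP 425 Too Early (RFC 8470) so the client resends it after the full handshake. Ticket IDs, timestamps and the sample requests are constructed, and `EarlyDataGuard` and `process_flight` are names chosen for this example.

```python
"""Added example: single-use ticket check plus safe-method gating for 0-RTT
early data. All identifiers and timestamps are constructed."""
import time

TOO_EARLY = 425                        # HTTP status from RFC 8470
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

class EarlyDataGuard:
    def __init__(self, ticket_lifetime=600, now=time.time):
        self.ticket_lifetime = ticket_lifetime   # seconds a resumption ticket stays valid
        self.now = now                           # injectable clock so the logic is testable
        self.used = {}                           # ticket_id -> expiry of its single-use record

    def _prune(self):
        t = self.now()
        self.used = {k: exp for k, exp in self.used.items() if exp > t}

    def accept_ticket(self, ticket_id, issued_at):
        """Single-use, time-bounded acceptance of a resumption ticket."""
        self._prune()
        expiry = issued_at + self.ticket_lifetime
        if expiry <= self.now():
            return False, "ticket expired"
        if ticket_id in self.used:
            return False, "ticket already used: 0-RTT data rejected as a possible replay"
        self.used[ticket_id] = expiry
        return True, "ok"

    def early_request_decision(self, method, path):
        """Only safe methods may be served from 0-RTT data."""
        if method.upper() in SAFE_METHODS:
            return 200, f"{method} {path} served from early data"
        return TOO_EARLY, f"{method} {path} must be resent after the 1-RTT handshake"

def process_flight(guard, ticket_id, issued_at, requests):
    """Handle one 0-RTT flight: ticket check first, then a per-request decision.
    A rejected flight falls back to a full handshake with the early data discarded."""
    ok, reason = guard.accept_ticket(ticket_id, issued_at)
    if not ok:
        return {"early_data_accepted": False, "reason": reason, "responses": []}
    responses = [guard.early_request_decision(m, p) for m, p in requests]
    return {"early_data_accepted": True, "reason": reason, "responses": responses}

if __name__ == "__main__":
    clock = [1000.0]
    guard = EarlyDataGuard(ticket_lifetime=600, now=lambda: clock[0])
    flight = [("GET", "/account"), ("POST", "/transfer")]
    print(process_flight(guard, "ticket-1", 900.0, flight))   # accepted: 200 and 425
    print(process_flight(guard, "ticket-1", 900.0, flight))   # same flight again: rejected
```

The `used` map only works if it is shared by every server instance that can accept the same tickets; where that is impractical, the simplest safe configuration is to refuse early data altogether or to answer every non-safe early request with 425, which is the trade-off the text alludes to for sensitive deployments.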
Firewall Incompatibility
From an enterprise security standpoint, QUIC introduces additional challenges – particularly for organizations relying on deep packet inspection and traffic decryption.
One key issue is that QUIC does not support SSL decryption, which is a common method used by enterprise firewalls to inspect and secure network traffic. Instead, QUIC uses its own proprietary encryption. Since it’s widely deployed across Google’s suite of applications, this creates a significant blind spot in network visibility and control for IT teams.
Another challenge lies in QUIC’s design philosophy.
Google built QUIC to be flexible and easily updatable, unlike the rigid and aging TCP infrastructure. While this approach supports rapid innovation, it also requires firewalls and security tools to adapt quickly to protocol-level changes. This ongoing need for updates can place a heavy burden on IT teams and infrastructure.
As a result, some firewall providers recommend blocking QUIC entirely until more mature and compatible security tools are available. From evolving documentation to inconsistent implementation, QUIC’s security challenges continue to accumulate, particularly for enterprise environments.
Enforce High-Speed Network Security with Check Point
Check Point Quantum is an industry-leading firewall that now supports QUIC. But Quantum Network Security offers far more than visibility into Google applications: it delivers Check Point’s deep threat awareness alongside SandBlast zero-day protection. To gain an understanding of those cutting-edge threats, explore our 2025 risk report.
On-demand hyperscale infrastructure keeps latency low and provides seamless scalability as an organization’s needs evolve. For better, clearer management, Quantum offers a unified management system that integrates visibility into networks, clouds, and IoT environments.
Experience the full capabilities of Check Point Quantum by starting your free demo today.