Hypercorn | Stack | Fluid Attacks Help

Hypercorn

Rationale

Hypercorn is the web-server used by Fluid Attacks' Platform.

The main reasons why we chose it over other alternatives are:

  1. It is Open source.
  2. It has full asynchronous programming support, which is critical for performance.
  3. It supports both HTTP/2 and HTTP/3, this is critical for both security and performance.
  4. It has full parallelism support, allowing us to have several workers within a single machine, which is critical for performance.
  5. It supports hot reloading, critical for development experience.
  6. It seamlessly integrates with Starlette.

Alternatives

The following alternatives were considered but not chosen for the following reasons:

Granian

  1. Granian only supports HTTP/2, which reduces security and performance.
  2. It is still a highly experimental project that could become relevant in the future.

Socketify.py

  1. Socketify only supports HTTP/2, which reduces security and performance.
  2. It only performs considerably faster when implemented as a framework, which would forces us to also replace Starlette with it, increasing complexity.
  3. Its fastest variants require us to use PyPy, increasing complexity.
  4. It does not support hot reloading, decreasing development experience.

Uvicorn

  1. Uvicorn only supports HTTP/1.1, which reduces security and performance.
  2. It does not support parallelism, negatively impacting performance.

Gunicorn

  1. Gunicorn requires implementing Uvicorn for ASGI support, thus inheriting most of the disadvantages mentioned before.
  2. We detected a high rate of 5XX HTTP errors when using it.

Usage

We use Hypercorn as the web-server for Fluid Attacks' Platform.