On 08.05.2016 18:31, Pierre Schmitz wrote:
Hi all,
I'd like to enable h2 on luna. Are there any objections? I have done this on my server already and it's pretty straight forward. We might need to adjust the ssl_ciphers configuration.
I just configured h2 on luna (bbs,wiki,aur). The cipher configuration is complicated. The HTTP/2 spec blacklists a bunch of ciphers. In the end I relied on what Mozilla recommends. It's a good balance if we don't want to exclude too much clients. See: https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10&openssl=1.0.2&hsts=yes&profile=intermediate http://http2.github.io/http2-spec/#rfc.section.9.2.2 https://www.ssllabs.com/ssltest/analyze.html?d=bbs.archlinux.org&hideResults=on Greetings, Pierre -- Pierre Schmitz, https://pierre-schmitz.com