[arch-devops] HTTP/2 on Luna
Pierre Schmitz
pierre at archlinux.de
Mon May 16 11:17:42 UTC 2016
On 08.05.2016 18:31, Pierre Schmitz wrote:
> Hi all,
>
> I'd like to enable h2 on luna. Are there any objections? I have done
> this on my server already and it's pretty straight forward. We might
> need to adjust the ssl_ciphers configuration.
I just configured h2 on luna (bbs,wiki,aur). The cipher configuration is
complicated. The HTTP/2 spec blacklists a bunch of ciphers. In the end I
relied on what Mozilla recommends. It's a good balance if we don't want
to exclude too much clients.
See:
https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10&openssl=1.0.2&hsts=yes&profile=intermediate
http://http2.github.io/http2-spec/#rfc.section.9.2.2
https://www.ssllabs.com/ssltest/analyze.html?d=bbs.archlinux.org&hideResults=on
Greetings,
Pierre
--
Pierre Schmitz, https://pierre-schmitz.com
More information about the arch-devops
mailing list