[arch-devops] HTTP/2 on Luna

Pierre Schmitz pierre at archlinux.de
Mon May 16 11:17:42 UTC 2016


On 08.05.2016 18:31, Pierre Schmitz wrote:
> Hi all,
> 
> I'd like to enable h2 on luna. Are there any objections? I have done
> this on my server already and it's pretty straightforward. We might
> need to adjust the ssl_ciphers configuration.

I just configured h2 on luna (bbs, wiki, aur). The cipher configuration is
complicated. The HTTP/2 spec blacklists a bunch of ciphers. In the end I
relied on what Mozilla recommends. It's a good balance if we don't want
to exclude too many clients.

See:
https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10&openssl=1.0.2&hsts=yes&profile=intermediate
http://http2.github.io/http2-spec/#rfc.section.9.2.2
https://www.ssllabs.com/ssltest/analyze.html?d=bbs.archlinux.org&hideResults=on

Greetings,

Pierre

-- 
Pierre Schmitz, https://pierre-schmitz.com
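
Added example, not part of the original message or of the luna configuration: a check of an nginx ssl_ciphers string against the HTTP/2 cipher blacklist (RFC 7540 section 9.2.2 and Appendix A). It assumes the blacklist can be approximated from OpenSSL suite names as "no ephemeral key exchange, or no AEAD cipher"; the function names and the sample string are constructed for illustration.

```python
# Added example: checks explicit OpenSSL suite names only; keywords such as
# HIGH must be expanded first (e.g. with `openssl ciphers`).
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")
# RFC 7540 section 9.2.2: TLS 1.2 deployments must support this suite.
MANDATORY = "ECDHE-RSA-AES128-GCM-SHA256"


def h2_acceptable(name):
    """Ephemeral key exchange plus AEAD cipher: not on the HTTP/2 blacklist."""
    return name.startswith(EPHEMERAL_PREFIXES) and any(m in name for m in AEAD_MARKERS)


def audit(ssl_ciphers):
    """Classify a colon-separated, preference-ordered cipher string."""
    allowed, blacklisted, misordered, pending = [], [], [], []
    for token in (t.strip() for t in ssl_ciphers.split(":")):
        if not token or token.startswith("!"):
            continue  # exclusions like !DSS only remove suites
        if h2_acceptable(token):
            allowed.append(token)
            # Blacklisted suites ranked above an acceptable one could be
            # picked for an HTTP/2 client when the server's order wins.
            misordered.extend(pending)
            pending = []
        else:
            blacklisted.append(token)
            pending.append(token)
    return {
        "allowed": allowed,
        "blacklisted": blacklisted,
        "misordered": misordered,
        "has_mandatory": MANDATORY in allowed,
    }


# Constructed sample string, not the configuration deployed on luna.
SAMPLE = (
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:"
    "DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:"
    "AES128-GCM-SHA256:DES-CBC3-SHA:!DSS"
)

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

Blacklisted suites kept at the end of the list still serve HTTP/1.1-only clients; a non-empty "misordered" result is what needs fixing.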

