Started by Gregg, October 12, 2015, 08:59:51 PM

Previous topic - Next topic


Here are some notes I have compiled (in my head) over the past month.

Currently, the major player in the web browser sphere only suppot HTTP/2 over TLS1.2. While the module can do HTTP/2 over TCP (non encrypted) the only client I know that can support it is Curl. I have no idea if any of the downloads available support it however, none mention it but that doesn't mean they do not.

The 2.4.17 Release Announcement here mentions the cipher dilemma. There is a big Blacklist of ciphers that are not allowed. One thing that becomes abundantly clear quickly is no CBC cipher, even if they are TLS/1.2 ciphers. The strongest of the GCM ciphers seems to be ok but not every GCM cipher. And of course as stated on the 2.4.17 Release Announcement, ECDHE-RSA-AES128-GCM-SHA256 works on all browsers supporting HTTP/2.

HTTP/2 holds connections open longer which is what gives it speed over HTTP/1.1. The lack of need to keep opening new connections for new requests from the same visitor saves a lot of time. It also uses streams to send and receive data and can do both at the same time (async). Due to the length of time connections remain open it does slow down restarts and shutdowns as the module has to close all open connections first.

I cannot remember what else I wanted to say here right now but as I remember things I'll add them later. I expect many questions so feel free to ask.


With Chacha[1] backported to OpenSSL 1.0.1 [2] --> Chrome can use it with 256 bit encryption.

Firefox can use HTTP/2 TLSv1.2, IE 11 and Edge on Win 10 can. Also Safari 9