Test HTTP2 support for Apache
In Strech mod_http2 will be available.
Seems pretty straightforward, but the resource consumption may be a problem.
#1 Updated by Marc Dequènes almost 2 years ago
- Status changed from New to In Progress
- Assignee set to Marc Dequènes
- % Done changed from 0 to 30
I've been testing HTTP2 on Elwing which was recently upgraded to Debian Stretch.
Interesting reading: https://bagder.gitbooks.io/http2-explained/content/en/
Howto I followed: https://icing.github.io/mod_h2/howto.html
So the interesting thing is theTLS ciphers are restricted and if the server even propose one in the blacklist the connection will fail. So having strong ciphers is not enough, you must not have inappropriate ciphers. This said, our current list of ciphers are not deemed acceptable, so I resorted to this one:
I think one of the major problem is the PSK variants were not explicitely removed. I also removed old protocols as recommended:
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
I decided not to activate h2c because we want to push for HTTPS, and it seems several browser vendors decided to not implement support for it anyway.
Elwing has HTTP2 activated server-wide with this simple line:
Protocols h2 http/1.1
At the moment all vhosts seem to work fine.
The http2-status handler to get more HTTP2-specific status does not work (404) while it is supposed to be in 2.4.19 (but loading and logs do not give any error).
#4 Updated by Marc Dequènes almost 2 years ago
- % Done changed from 60 to 80
Upgraded Toushirou on HTTP2 successfully.We've been hit by Debian#850947 on these vhosts:
It was not a big deal because APT does not use (yet) HTTP2, but I forced the protocols on these vhosts to exclude h2 and it works fine.