Enabling HTTP/2 on your web server

HTTP/2 is supported by most modern browsers nowadays (more than 97%), even IE 11. It has quite a few benefits (including multiplexing and concurrency) and you can easily enable it on your server. It is easy as long as the server runs Apache 2.4.17 (or later) or Nginx 1.9.5 (or later).

Before you enable HTTP/2, you will need to have HTTPS working. If you don't have a certificate yet, get one today - DV (Domain Validation) certificates can be obtained at no cost with just a few mouse clicks in your browser.

Once you have your SSL certificate, you can use Mozilla SSL Configuration Generator to configure your web server to use it. Please note that even though you can configure the server to have HTTP/2 over clear-text (h2c) too, browsers may not support it.

With HTTPS working, all you need to do is the following:

  • For Apache, add a new line to the VirtualHost section: Protocols h2 http/1.1
  • For Nginx, add "http2" to the "listen" directive of the appropriate "server" block: listen 443 ssl http2;

Things to remember:

  • HTTP/2 works over HTTPS
  • HTTP/2 is picky about ciphers

The latter may need some explanation - there is a list of ciphers defined in RFC 7540's Appendix A: TLS 1.2 Cipher Suite Black List. If one of those is enabled on the server, you might have problems connecting to it. What's more, Firefox will not indicate what's wrong at all - it just won't connect. In Chrome you might see an error message about insufficient security. For example, with "ssl_prefer_server_ciphers" enabled on Nginx and ciphers left at default, you will fail to connect. You also need to make sure that the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher is enabled (see RFC 7540 section 9.2.2 - TLS 1.2 Cipher Suites).
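The cipher rule above can be checked before a restart. The following Python sketch is an added example, not part of the original article: it classifies TLS 1.2 suites by IANA name using the criteria RFC 7540 Appendix A gives for its list (no ephemeral key exchange, or a null, stream or block cipher) rather than embedding the list itself, and shows how server-side preference can pick a blacklisted suite. The suite orders are constructed sample data and the function names are hypothetical.

```python
import re

# Suite that RFC 7540 section 9.2.2 requires for HTTP/2 over TLS 1.2.
REQUIRED = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
EPHEMERAL_KX = re.compile(r"^TLS_(ECDHE|DHE)_")
AEAD = re.compile(r"_(GCM|CCM|CHACHA20_POLY1305)(_|$)")

def h2_blocked(suite):
    """Heuristic (assumption: conservative, not a verbatim copy of Appendix A)."""
    if "_WITH_" not in suite:      # TLS 1.3 naming; the black list is TLS 1.2 only
        return False
    kx, _, cipher = suite.partition("_WITH_")
    return not (EPHEMERAL_KX.match(kx + "_") and AEAD.search("_" + cipher))

def negotiate(server_order, client_order, prefer_server):
    """First mutually supported suite, in the order of the side with preference."""
    first, second = ((server_order, client_order) if prefer_server
                     else (client_order, server_order))
    return next((s for s in first if s in second), None)

def audit(server_order, client_order, prefer_server=True):
    chosen = negotiate(server_order, client_order, prefer_server)
    return {
        "has_required": REQUIRED in server_order,
        "blocked_enabled": [s for s in server_order if h2_blocked(s)],
        "negotiated": chosen,
        "h2_ok": chosen is not None and not h2_blocked(chosen),
    }

# Constructed sample data: a server order that lists a CBC suite first,
# a corrected order, and a client offer that still includes legacy suites.
WEAK_FIRST = ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
              "TLS_RSA_WITH_AES_128_GCM_SHA256",
              "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
FIXED = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
         "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
         "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"]
CLIENT = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
          "TLS_RSA_WITH_AES_128_GCM_SHA256"]

if __name__ == "__main__":
    for label, order in (("weak-first", WEAK_FIRST), ("fixed", FIXED)):
        print(label, audit(order, CLIENT, prefer_server=True))
```

With the weak-first order and server preference on, the CBC suite is negotiated even though the client listed the required GCM suite first, which is the failure the paragraph above describes.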

Once the ciphers are set up, restart the web server and you should be able to use HTTP/2. If you still have questions about what HTTP/2 is, see this FAQ.

© Do-Know.com