Menu
I have made a website with HTTP/2 Protocol which is running on Apache 2.4.18 HTTP Server. Currently I have made the website is SSL Enabled because I read somewhere that HTTP/2 by default requires SSL. I may not require to make my website secure, so I don't want to spend money in buying a SSL Certificate.
Is there a way to implement HTTP2 Protocol without using SSL Configurations ? If yes, what configuration settings should I write in httpd.conf file ? Do I need to change any properties/settings of my Browser - Chrome/Firefox etc ?
967
Enable HTTPS on your server since almost all browsers allow HTTP/2 only over HTTPS. Hence, it's necessary to install an SSL certificate. TLS 1.2 and above with modern cipher suites is required. The Apache version must be 2.4.
While HTTP/2 does not require the use of encryption in its formal spec, every major browser that has implemented HTTP/2 has only implemented support for encrypted connections, and no major browser is working on support for HTTP/2 over unencrypted connections.
As far I know, the most web browsers will not use HTTP2 Protocol if you would connect to the web site via HTTP instead of HTTPS.
There are many places where you can get SSL certificate for free, for example, StartSSL, Universal SSL, Let’s Encrypt (see here) and other. The certificate could be not for the long time period and don't have some additional properties like Time-Stamping (like here), but it could be still used. You can still use the certificate for free.
You can read here, for example, the instruction of configuring of HTTP2 in Apache HTTP Server. The most important would be to use the latest version of OpenSSL and the latest version of Apache Server. I'd recommend you to read the article about HTTP2, look the video and the corresponding slides here about making TLS faster and to go through the checklist.
71
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
