HTTP/2 with HTTPS A+ security rating

#text #written #letsencrypt #http2

So I like tinkering with almost anything. Recently I've been trying to get the HTTP/2 protocol, which was released in 2015, working on my server. Its the first time HTTP (Hypertext Transfer Protocol) has received a major update since version 1.1 in 1999. A lot of new features have been introduced with it but in short it reduces the amount of connections needed do load a website making parallel downloads of resources possible, this with many other things making it quicker than the older 1.1 version.

Enabling HTTP/2 also forces you to have a security layer on top adding the S after HTTP.

HTTPS has in the past been a bit of a hassle and expensive, but an organization called Let's Encrypt has made this both easy and free just before HTTP/2 came. I got my certificates working on my domain about a year ago but didn't think much more of it than having the little green padlock in chrome. But after just recently finding a site called ssllabs.com I decided to try to improve my security rating.

In my first test I got a B- which didn't feel very impressive and got me searching for ways to improve it. This is when I enabled HTTP/2 and made some changes to which security protocols to accept and so on which gave me an A-. And just yesterday I got the last piece of the puzzle working and now have an A+ rating on my site.

Test it here

Next step is to increase the speed of my site. Its not really slow now but speed is king.