AutoSSL compatibility with mod_http2

yagami_kira

• October 09, 2017 07:41

I've been reading some information in the internet that mod_http2 module can cause issues if the server is not using a strong SSLCipherSuite. Hypertext Transfer Protocol Version 2 (HTTP/2) I don't really understand what this means. I'm just using a free SSL that is included in cPanel (powered by Comodo) via AutoSSL. Since this is a free SSL, does it mean that I'm using weak CipherSuites and there's a strong likelihood that they're included in the black list?

• 

  cPanelMichael

  • October 10, 2017 18:08

  Hello, This is discussed on the following thread: SOLVED - HTTP 2 with SSL Thank you.

  0
• 

  yagami_kira

  • October 11, 2017 04:14

  Below is the cipher code provisioned by my VPS provider by default: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH I've read the thread, but I'm not comfortable in further changing the above cipher code it in fear of making our sites inaccessible to users. I believe the above cipher code is commonly used, but I don't find any information elsewhere if enabling HTTP2 on the server will cause browser issues if this default cipher code is retained ?

  0
• 

  cPanelMichael

  • October 11, 2017 14:19

  Hello, I've not seen reports of any issues with HTTP2 when the default Apache cipher suite and protocols provided by cPanel are enabled, other than the thread linked in my last response. You may want to use the default cipher settings first, and then make adjustments if necessary. Thank you.

  0

Please sign in to leave a comment.