Feature request: HTTP/2 support (nginx), OCSP stapeling + Optimized TLS

[Guest]

Hello there,

 

just some ideas...

• HTTP/2 support for nginx 1.9.5+
• OCSP stapeling for openssl 1.0.1e+
• HSTS (HTTP Strict Transport Security) headers
• SSL/TLS Session Cache and Timeouts
• SSL/TLS Prefer Server Ciphers

 

Would be nice if those would have a option to enable/disable within the UI.

 

Thanks

[d00p 140]

• HSTS (HTTP Strict Transport Security) headers
• SSL/TLS Session Cache and Timeouts
• SSL/TLS Prefer Server Ciphers

 

Can be done via specialsettings in IP/Port and/or Domain. For the rest: patches / pull-requests are always welcome

[Tomasz Czauderna 2]

The ngx_http_v2_module module (1.9.5) provides support for HTTP/2 and supersedes the ngx_http_spdy_module module.

 

All sugestions about implenent spdy was rejected or close on redmine

[d00p 140]

And again, patches and/or pull-requests on github are welcome

[Tomasz Czauderna 2]

I try to do something with this maybe this time I will have approved commit

 

I Use funtoo nginx in gentoo in version 1.9.6 is it but in funtoo not yet we worked with this now is bug FL-2524

If guys from Funtoo bump version or if i send ebuild - i get started working with this

[d00p 140]

If you're a Gentoo/Funtoo guy - download tarball and compile yourself?!

[Tomasz Czauderna 2]

i don't do that anymore...

To many times i lost time to rapier system portage dependence.

And I don't like mixin overlays this slow down portage.

ebuild have only 600 lines not too much

Step by step

[Tomasz Czauderna 2]

Private overlay with nginx is done.

little steps

[lsbbs 0]

For Nginx I don't know. But in Apache you can enable it globally. Best in mod_ssl.conf

Have up to now not seen any negative side effects if a domain has a certificate without ocsp url.