HTTP2入门实践

环境和工具：
mac curl openresty

1. 升级curl支持http2

brew install curl-openssl
echo 'export PATH="/usr/local/opt/curl-openssl/bin:$PATH"' >> ~/.zshrc

2.测试jd页面

curl --http2 -I "https://www.jd.com"

HTTP/2 200
server: JDWS/2.0
date: Thu, 17 Oct 2019 04:06:39 GMT
content-type: text/html; charset=utf-8
content-length: 103636
vary: Accept-Encoding
vary: Accept-Encoding
expires: Thu, 17 Oct 2019 04:06:51 GMT
cache-control: max-age=30
ser: 6.155
via: BJ-Y-NX-105(HIT), http/1.1 BJ-CT-2-JCS-35 ( [cRs f ])
age: 12
strict-transport-security: max-age=7776000

3. 本地nginx配置

http {
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on; 协商加密算法时，优先使用服务端的加密套件
}
server {
    listen 443 ssl http2;
    server_name <your_server>;
    ssl_certificate     <your_cert_path>;
    ssl_certificate_key  <your_key_path>;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
}

https://wiki.mozilla.org/Security/Server_Side_TLS 推荐的ciphers配置，分为现代兼容性、中级兼容性、旧的向后兼容性