Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] HTTP/2 requirements


On 20-11-18 23:07, Joakim Erdfelt wrote:
> One additional question: do you think it is worthwhile to support HTTP/2 for newer browsers (which most of our users have) while at the same time trying to uphold support for IE9?

Last time I checked, not even https://microsoft.com/ supported anything older then MSIE11 (due to them disabling TLS/1.0 and TLS/1.1 on the server side)
Also, the last time MSIE9 had over 1% market share was July 2016 (Dropped below 1% in August 2016, currently under 0.01%)


Yes, I know. Sad isn't it? Unfortunately we are stuck in this situation because some of our clients run older IE versions inside company networks (I believe they have some form of extended support). Things may change within 4-6 months though.

I tried using only defaults but got an ssllabs B score because of supported weak DH ciphers. I explicitly excluded those and am back on an A score now, only without TLS1.0 support. I am now considering a separate setup with 1.1 support for backward users only. Still no A+ score and no TLS1.3 support listed, but I think I read somewhere that ssllabs does not yet detect TLS1.3 so that may be the culprit.

I will start experimenting with HTTP/2 support with the setup you described and report back later.


Thanks again,

Silvio

Back to the top