HTTP/2 and SSL Certificates
Limitations of HTTP/1.1
The HTTP/1.1 protocol has several shortcomings that make it less ideal especially when running high-traffic web servers:
- Delays in loading website pages.
- Sends one request for each file per TCP connection.
- Browsers are forced to send a deluge of parallel TCP connections to simultaneously process the requests leading to TCP congestion and ultimately bandwidth wastage and network degradation.
The above-mentioned problems often led to performance degradation and high overhead costs in bandwidth usage.
Advantages of HTTP/2
HTTP/2 came into the picture to address these problems and offers the following advantages:
- Header compression that minimizes client requests and lowers bandwidth consumption resulting in fast page load speeds.
- Sending several requests over one TCP connection.
- Faster web performances which consequently lead to better SEO ranking.
- HTTP/2 is considered more mobile-friendly thanks to the header compression feature.
- Improved security since web browsers load HTTP/2 over HTTPS.
So HTTP/2 requires HTTPS?
Many visitors to our website ask if HTTP/2 can be enabled on their web server by the purchase of a SSL/TLS certificate.
We would like to clarify the subject with the following 3 facts:
- The HTTP/2 specification does not require the use of SSL/TLS certificates.
- However, most major web browsers only support HTTP/2 calls over SSL/TLS.
- Implementation of HTTP/2 over SSL/TLS requires a stricter TLS setup on the web server.
Since most web browsers only make HTTP/2 connections over TLS, websites that want HTTP/2 enabled must do it over strict HTTPS guidelines to serve users.
Further reading: https://daniel.haxx.se/blog/2015/03/06/tls-in-http2/
Enabling HTTP/2 for Websites on Web Servers