Why does the nginx.org main site not supporting TLS v1.3?

Maxim Dounin mdounin at mdounin.ru
Mon Jan 25 16:36:37 UTC 2021


On Fri, Jan 22, 2021 at 10:19:55AM +0000, David Hu wrote:

> OK. Thank you. But what about the HTTP/1.1 and HTTP/2 problem? 
> As I mentioned before, I neogotiated with the server for H2 in 
> the early ALPN. However the server only accepts HTTP/1.1 and why 
> is that? My cURL has explicitly specified 
> --http2-prior-knowledge but it still does not work. It still 
> connects via HTTP/1.1.

The answer is quite simple: the server only accepts HTTP/1.x.  
That's quite normal considering that HTTP/2 introduces quite a few 
additional attack vectors, while the nginx.org site contains only 
a few resources per page, so HTTP/2 have no benefits for the site.  
(Further, since the site doesn't use SSL by default and rather 
have it available for those who want to use SSL for some reason, 
using HTTP/2 is essentially not possible by default.)

Maxim Dounin

More information about the nginx mailing list