This year has brought us a few changes that will probably redefine the world wide web as most people use it - not that you might or should notice. Browsing the won’t become that different. It will just be faster, reduce resource usage on servers and be more secure by default. And all that 25 years after the first server came online.
First, the HTTP/2.0 protocol specification was finalized. While most modern browsers already support the new http version, most web servers still need to update if they want to server HTTP/2 traffic. Doing so is not mandatory, since HTTP/1.1 won’t disappear anytime soon. See the references below to see why the benefits of HTTP/2 might be a good reason for web server owners to support HTTP/2 anyway.
Next, all browser makers have agreed to support HTTP/2 only over an encrypted connection (TLS). So if you want your server to be accessible over HTTP/2, then you’ll need to have a certificate on your server to support TLS. This leads us to possibly the most important new element this year has brought: certificate automation.
While previously it was already possible to have a free certificate on you server (CaCert, Startcom), installing and renewing certificates - even paying ones - always is time-consuming. Even if it’s only a little time, being a recurring process makes the effort spent accumulate over time. So reducing the time one need to spend on generating certificates and keeping them up-to-date is an important issue if we want the www to move forward with HTTP/2 and encryption in general.
This is one of the ideas behind the certificate service offered by Let’s Encrypt, which is announcing a new era where it becomes easy for everyone to offer an encrypted website. You won’t stand out of the crowd anymore by offering a personal website over https anymore. While there still is room for improvement, this is as a new direction being set that will eventually lead to http being the exception rather than the norm.
As for this server, while it currently provides some services over https, enabling HTTP/2 and moving to an automated certificate infrastructure will happen over time.
Update: this server now uses letsencrypt certificates and uses HTTP/2 !
References:
- https://sysadvent.blogspot.be/2015/12/day-19-http2.html
- https://en.wikipedia.org/wiki/HTTP/2
- https://letsencrypt.org
Resources for testing your own server:
- SSL test: https://www.ssllabs.com/ssltest/index.html
- HTTP/2 test: https://tools.keycdn.com/http2-test