Related

NGINX Config Generator

Easily configure a performant, secure, and stable NGINX server.

 Learn More
Server won't boot Question Question
Website showing NGINX default page Question Question

Question

how to upgrade spdy/2 to spdy/3 on LEMP Ubuntu 14.04?

Posted July 27, 2015 3.6k views
NginxUbuntuServer OptimizationLEMP

I get the following warning message when I use the spdy-test tool at https://spdycheck.org

**Out-of-Date SPDY Protocol Support**
The most recent version of SPDY is spdy/3. The highest version this website supports is spdy/2. There are 3 major versions of SPDY. This website should consider updating its software if possible to support spdy/3.

I read that nginx & openssl should be updated to the latest version to automatically use spdy/3.

I did all upgrades available through digitalocean but especially openssl seems way outdated:

nginx: nginx/1.4.6 (Ubuntu)
openssl: OpenSSL 1.0.1f 6 Jan 2014

Maybe there’s a mirror outside of DO I should use?

Add a comment
By:
sugarhill

Related

NGINX Config Generator

Easily configure a performant, secure, and stable NGINX server.

 Learn More
Server won't boot Question Question
Website showing NGINX default page Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
UKn0Me July 27, 2015

SPDY/3 support in was added in 1.5.10. because you’re running 1.4.6 you won’t have it.
I use Chris Lea’s nginx mainline PPA for my servers and because it’s mainline version and constantly being updated (about 1-2 days behind official nginx release), you can have access to the latest features (including SPDY/3!). Current version is 1.9.3 and can be found at: https://launchpad.net/~chris-lea/+archive/ubuntu/nginx-devel

Reply Report
  • sugarhill July 27, 2015

    Thanks for your answer!

    This solved my problem and I’m now using nginx/1.9.3 including SPDY/3

    Reply Report
  • sugarhill July 27, 2015

    Hm, the update did produce a problem.

    My ssllabs server rating has been reduced from A+ to A because Strict Transport Security (HSTS) is supposedly not enabled. Although spdycheck.org still reports it is enabled.

    I had a look in my config and even though I opted out of upgrading my nginx config file (after distro-upgrade) a new file “default.dpkg-dist” has been added to /etc/nginx/sites-available which is called from /etc/nginx/sites-enabled/default

    I deleted both files
    etc/nginx/sites-available/default.dpkg-dist
    /etc/nginx/sites-enabled/default
    but I’m still stuck at A with no HSTS

    Is there any other file that needs to be modified after distro-upgrade to recognize HSTS?

    Reply Report
  • UKn0Me July 27, 2015

    If you haven’t already add the following to your server block:
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    The options are pretty self-explanatory, adjust if required to your needs.

    Reply Report
  • sugarhill July 27, 2015

    Yes, I did have this line in my config (otherwise you cant get A+ in the first place) and even included “preload” which I previously submitted at https://hstspreload.appspot.com

    Luckily I found the culprit - it was my wordpress maintanance mode which sends a 503 status code and prevents ssllabs from receiving my HSTS. As soon as I switch off maintenance mode I’m back to A+.

    P.S.: either way I gave you another heart for hanging in with me - thanks a lot UKn0Me :)

    Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help