Enable HTTP/2 for HTTPS

[florian-h05]

Depends on openhab/openhab-core#4526.

[J-N-K]

Isn't that removing http/1.1 support for secure connections?

[florian-h05]

Yes, but I see no harm in doing so:
HTTP/2 is widely supported by across major browsers, most of them have HTTP/2 support since 2015, see https://caniuse.com/http2.

[J-N-K]

I'm ok with that, but I would like to hear the opinion of other @openhab/distro-maintainers and @openhab/architecture-council

[florian-h05]

Let's also ask @ghys for his opinion.

[holgerfriedrich]

I had to keep http/1 and TLS 1.1 for quite a while longer than I wanted due to Android-based wall displays. But it is more than ten years since Android 4 and time to get rid of those devices anyway - if still in use. So 👍 from my side.

[florian-h05]

If really needed, you could use nginx to get http/1 and TLS 1.1 available for them - but given the vulnerabilities of TLS 1.1 you could also consider to use plain HTTP ;-)

[J-N-K]

Thanks. Let's wait for more comments.

[florian-h05]

Do we need this change now that we don’t add them as compile time dependencies on core?

[J-N-K]

Probably not. OTOH: You can easily try if you need it. If it comes up and works without, don't add it.

[florian-h05]

Just tested, it is not needed, the demo app still starts fine.
I have created #1712 to revert this change.

[rkoshak]

I think there will be much complaining but I also think this is somethjing that probably needs to be done anyway. Never underestimate the willingness of people to keep running stuff far beyond it's end of life.

I would request an update to the reverse proxy docs to correspond with this change, assuming end users need to adjust their nginx or apache configs to account for this.

[florian-h05]

Never underestimate the willingness of people to keep running stuff far beyond it's end of life.

If one has a browser older than 2015 (where HTTP/2 was added to all major browsers) I wish them good luck to not get some malware while surfing …

[kaikreuzer]

I guess 10 years after the general availability of a successor, it should be ok to drop HTTP/1.1+TLS1.1 - so no veto from me.

[holgerfriedrich]

LGTM.

I managed to connect with HTTP2 and HTTP w. keepalive.
Let's see how it works out for the bigger audience.

[ghys]

Let's also ask @ghys for his opinion.

Sorry I was AFK for the holidays but it's a good move IMO.
Would fix a lot of things although we'd still need to trust the self-signed TLS certificate on all clients for features like microphone, camera, web notifications etc. to work.

[openhab-bot]

This pull request has been mentioned on openHAB Community. There might be relevant details there:

https://community.openhab.org/t/wget-and-sendhttpgetrequest-empty-response-differend/161321/6