Moving to TLS 1.3 and HTTP/2
We've finished upgrading our edge stack to TLS 1.3 only and enabled HTTP/2 across all sites. Latency and security both improved. Cipher suite in use: TLS_AES_256_GCM_SHA384 and TLS_CHACHA20_POLY1305_SHA256.
We've finished upgrading our edge stack to TLS 1.3 only and enabled HTTP/2 across all sites. Latency and security both improved. Cipher suite in use: TLS_AES_256_GCM_SHA384 and TLS_CHACHA20_POLY1305_SHA256.
Single nginx instance in front of several backends keeps config in one place and centralizes SSL termination. We use long timeouts for WebSocket endpoints so connections stay up.