Upgraded all my self-hosted services today, was much less painful than I thought. When you ask AI for the config update, make sure you ask it to disable all HTTP versions below 2, not just 1.1. Otherwise it might happily leave 1.0 running.
"It's time to acknowledge HTTP/1.1 is insecure
Upstream HTTP/1.1 is inherently insecure, and routinely exposes millions of websites to hostile takeover. Vendors have spent six years deploying mitigations, and researchers have consistently bypassed them."
https://http1mustdie.com/
View quoted note →