3

I have enabled mod_http2 for the Apache Web Server, and made the necessary changes in the conf, still any request made from a browser to the server follows http/1.1 Protocol

The server sends a Upgrade:h2 header field but the browser still continues to make http/1.1 requests.

HTTP/1.1 Requests Upgrade:h2 in Response Headers

How can i make a h2 request from Mozilla/Chrome? I'm using Mozilla Firefox 48.0

sainiankit
  • 571
  • 3
  • 17
  • Are you running anti-virus? http://stackoverflow.com/questions/41116072/why-chrome-browser-doesnt-recognize-my-http2-server/41128943 – Barry Pollard Jan 06 '17 at 13:52
  • What cipher suite are you using? – laike9m Jan 07 '17 at 10:49
  • Everything works File while I use Safari on a MAC, its just that firefox on my windows machine says NS_ERROR_NET_INADEQUATE_SECURITY, this has certainly something to do with the cypher suite being used. – sainiankit Feb 02 '17 at 10:45
  • Note that the Upgrade header is a HTTP request header and not a response header! Sending this header as a response header is a [bug in older versions of Apache](https://ctrl.blog/entry/http2-upgrade-h2). It causes compatibility issues in clients that get confused when they receive request headers in a server response. – Daniel Aug 28 '17 at 02:02

3 Answers3

1
  1. Check that HTTP/2 support is enabled in Firefox:

In the address bar of Firefox, type "about:config", then search for "network.http.spdy.enabled.http2" and make sure that it is set to true.

  1. Firefox implements HTTP/2 only on TLS

So, you will have to access the website using https://xxxxx

Nidhi
  • 858
  • 4
  • 9
  • Hi Nidhi, I checked the network.http.spdy.enabled.http2 parameter is set to true, also I'm using TLS. The browser is making "h2" requests on some websites For Example, Google Search, so its not related to the browser for sure. – sainiankit Jan 06 '17 at 12:54
1

Browsers currently only support HTTP/2 via https. See http://caniuse.com/#feat=http2 the note number 2.

Frederik Deweerdt
  • 4,943
  • 2
  • 29
  • 31
0

The HTTP/2 standard imposes some extra requirements on https, no cipher from a specified black list may be used.

An acceptable Apache SSL configuration regarding this is:

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLProtocol All -SSLv2 -SSLv3

This needs to be changed in the httpd config file and NS_ERROR_NET_INADEQUATE_SECURITY should not occur after httpd restart.

sainiankit
  • 571
  • 3
  • 17