On Windows not work h2 protocol, but on Linux all ok (ALPN is present on Linux server)
Reported by
mikhail....@gmail.com,
Jun 22 2016
|
||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2767.5 Safari/537.36 Example URL: https://dev.sy24.ru/ Steps to reproduce the problem: 1. Open https://dev.sy24.ru/ 2. Go to Dev tools -> Network 3. Add column with protocol What is the expected behavior? What went wrong? ]# echo | openssl s_client -alpn h2 -connect dev.sy24.ru:443 | grep ALPN depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority verify return:1 depth=1 C = IL, O = StartCom Ltd., OU = StartCom Certification Authority, CN = StartCom Class 1 DV Server CA verify return:1 depth=0 CN = sy24.ru verify return:1 ALPN protocol: h2 DONE Did this work before? N/A Chrome version: 53.0.2767.5 Channel: dev OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version: Shockwave Flash 22.0 r0
,
Jun 22 2016
I tried this on OSX. ALPN is negotiated but the server chooses http/1.1 for some reason. On Wed, Jun 22, 2016 at 4:21 AM mikhail.v.gavrilov at gmail.com via Monorail <monorail@chromium.org> wrote:
,
Jun 22 2016
There is nothing platform-specific about our ALPN code. This is a problem on the server deployment. dev.sy24.ru has IPv4 and IPv6 addresses. $ dig A dev.sy24.ru [...] dev.sy24.ru. 21138 IN A 213.136.82.171 [...] $ dig AAAA dev.sy24.ru [...] dev.sy24.ru. 21135 IN AAAA 2a02:c207:2002:5208::1 [...] The IPv6 address selects HTTP/2 just fine. $ ./build/tool/bssl client -connect '[2a02:c207:2002:5208::1]:443' -alpn-protos http/1.1,h2 Connecting to [2a02:c207:2002:5208::1]:443 Connected. Version: TLSv1.2 Resumed session: no Cipher: ECDHE-RSA-AES128-GCM-SHA256 ECDHE curve: P-256 Secure renegotiation: yes Extended master secret: no Next protocol negotiated: ALPN protocol: h2 Cert subject: CN = sy24.ru Cert issuer: C = IL, O = StartCom Ltd., OU = StartCom Certification Authority, CN = StartCom Class 1 DV Server CA �����^C The IPv4 address selects HTTP/1.1. $ ./build/tool/bssl client -connect '213.136.82.171:443' -alpn-protos http/1.1,h2 Connecting to 213.136.82.171:443 Connected. Version: TLSv1.2 Resumed session: no Cipher: ECDHE-RSA-AES128-GCM-SHA256 ECDHE curve: P-256 Secure renegotiation: yes Extended master secret: no Next protocol negotiated: ALPN protocol: http/1.1 Cert subject: CN = sy24.ru Cert issuer: C = IL, O = StartCom Ltd., OU = StartCom Certification Authority, CN = StartCom Class 1 DV Server CA ^C
,
Jun 22 2016
Thanks you for helping find misconfiguration. http2 option is absent for IPv4 listener. |
||
►
Sign in to add a comment |
||
Comment 1 by mikhail....@gmail.com
, Jun 22 2016285 KB
285 KB View Download