Forum Discussion

Dennis_Kloosterman's avatar
Feb 07, 2020

Chrome 80 and http/2 profile

We started seeing issues today with some of our customers' web sites where an http/2 profile was applied on the BigIP, when users use the new Chrome 80. The browser won't connect, with error ERR_HTTP2_SERVER_REFUSED_STREAM.

 

We see this issue with some but not all sites with http/2 enabled. The only differences I see between the sites are details in the HSTS configuration.

 

Has anybody else seen this, and do we know if the issue is with Chrome or the way BigIP handles http/2 or a combination of the http/2 profile and something else? Our BigIP is running version 12.1.4.

  • Hoolio's avatar
    Hoolio
    Ret. Employee

    Hi Dennis,

     

    Can you open a case with Support and provide a qkview, details of the affected virtual server, and tcpdump or browser recordings of working and failing requests?

     

    Could you reply back with the case number?

     

    Thanks, Aaron

  • Edit: actually, you indicate the issue is seen on 12.1.4, so this probably isn't the issue. Opening a case and providing a qkview and details of the issue will help us narrow the potential cause.

     

    Thanks, Aaron

     

    =================================

     

    This might be the issue you're seeing. It would be great if you can open a support case and provide more exact details on the version and issue.

     

    Bug ID 677119: HTTP2 implementation incorrectly treats SETTINGS_MAX_HEADER_LIST_SIZE

    https://cdn.f5.com/product/bugtracker/ID677119.html

     

    Symptoms

    When HTTP2 connection's parameters are negotiated, either side may report about its limits in SETTINGS type frame where one of the parameters SETTINGS_MAX_HEADER_LIST_SIZE determines a maximum size of headers list it is willing to accept. The BIG-IP system incorrectly interchanged this parameter with another one called SETTINGS_HEADER_TABLE_SIZE, limiting value of the former one to 32,768.

     

    Fixed In:

    13.0.1, 12.1.3, 11.6.3.2

     

    Aaron

  • We also affected heavily by this. Is there a temporary solution that does not involve a software upgrade if you are in version 12.1.2?

     

    By using a Perfomance layer 4 VIP and disabling http/2 the websites works on Chrome 80 but fails on other browsers now

     

     

    • Hoolio's avatar
      Hoolio
      Ret. Employee

      I'd suggest opening a case with F5 Support to see if there is an existing hotfix for the version you're running. If so, you could apply that hotfix to avoid needing to upgrade to 12.1.3.

       

      Aaron