The State Of HTTP/2 Full Proxy With F5 LTM
MVPJuergen_Mang Still no official statement from F5 but from what I get TLS1..3 does not work with HTTP/2 and I tested TLS1.2 cipher group with "ECDHE-RSA-AES256-GCM-SHA384/TLS1.2, DTLS1.2" and I got again the error "profile '/Common/tls-1-2-tes'; cipher ECDHE-RSA-AES128-GCM-SHA256 must be available".
This suggests that TLS1.2 is with limited support for HTTP/2 as well❓
MVPI am curious, let me test in my lab setup.
Changed my Cipher group to:
And I get this error (the same as you?)
Also disables TLS1.2 with the options in the ssl client profile does not work. It seems TLS1.2 is required for HTTP/2 Full Proxy Setups. Enabling only TLS1.2 and disable all other versions works.
As far I know the RFC says: Implementations of HTTP/2 MUST use TLS version 1.2 [TLS12] or higher for HTTP/2 over TLS.
- Nikoolayy1
Yes TLS1.2 but only with specific ciphers it seems to me and no TLS1.3 actually.
Also the same errors for serverside TLS as it is not the clientside only.