The State Of HTTP/2 With F5 LTM

Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’. In this article, I will attempt to summarize the known challenges of an HTTP/2 full proxy setup, point ou...
Updated Jan 29, 2026
Version 3.0
application delivery
Juergen_Mang's avatar
Juergen_Mang
Icon for MVP rankMVP
Jan 23, 2026

Do I read it correctly? "TLS1.3 only" does not work with HTTP/2?

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Jan 29, 2026

Juergen_Mang​  Still no official statement from F5 but from what I get TLS1..3 does not work with HTTP/2 and I tested TLS1.2 cipher group with "ECDHE-RSA-AES256-GCM-SHA384/TLS1.2, DTLS1.2" and I got again the error "profile '/Common/tls-1-2-tes'; cipher ECDHE-RSA-AES128-GCM-SHA256 must be available".

 

This suggests that TLS1.2 is with limited support for HTTP/2  as well❓

  • Juergen_Mang's avatar
    Juergen_Mang
    Icon for MVP rankMVP
    Jan 29, 2026

    Nikoolayy1​ 

    I am curious, let me test in my lab setup.

    Changed my Cipher group to: 

    And I get this error (the same as you?)

    Also disables TLS1.2 with the options in the ssl client profile does not work. It seems TLS1.2 is required for HTTP/2 Full Proxy Setups. Enabling only TLS1.2 and disable all other versions works. 

    As far I know the RFC says: Implementations of HTTP/2 MUST use TLS version 1.2 [TLS12] or higher for HTTP/2 over TLS.

    • Nikoolayy1's avatar
      Nikoolayy1
      Icon for MVP rankMVP
      Jan 29, 2026

      Yes TLS1.2 but only with specific ciphers it seems to me and no TLS1.3 actually.

      Also the same errors for serverside TLS as it is not the clientside only.