cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Chrome 80 and http/2 profile

Dennis_Klooster
Altostratus
Altostratus

We started seeing issues today with some of our customers' web sites where an http/2 profile was applied on the BigIP, when users use the new Chrome 80. The browser won't connect, with error ERR_HTTP2_SERVER_REFUSED_STREAM.

 

We see this issue with some but not all sites with http/2 enabled. The only differences I see between the sites are details in the HSTS configuration.

 

Has anybody else seen this, and do we know if the issue is with Chrome or the way BigIP handles http/2 or a combination of the http/2 profile and something else? Our BigIP is running version 12.1.4.

6 REPLIES 6

Hoolio
F5 Employee
F5 Employee

Hi Dennis,

 

Can you open a case with Support and provide a qkview, details of the affected virtual server, and tcpdump or browser recordings of working and failing requests?

 

Could you reply back with the case number?

 

Thanks, Aaron

Thanks Aaron. I just opened a support case, number C3195553.

hooleylist
Cirrostratus
Cirrostratus

Edit: actually, you indicate the issue is seen on 12.1.4, so this probably isn't the issue. Opening a case and providing a qkview and details of the issue will help us narrow the potential cause.

 

Thanks, Aaron

 

=================================

 

This might be the issue you're seeing. It would be great if you can open a support case and provide more exact details on the version and issue.

 

Bug ID 677119: HTTP2 implementation incorrectly treats SETTINGS_MAX_HEADER_LIST_SIZE

https://cdn.f5.com/product/bugtracker/ID677119.html

 

Symptoms

When HTTP2 connection's parameters are negotiated, either side may report about its limits in SETTINGS type frame where one of the parameters SETTINGS_MAX_HEADER_LIST_SIZE determines a maximum size of headers list it is willing to accept. The BIG-IP system incorrectly interchanged this parameter with another one called SETTINGS_HEADER_TABLE_SIZE, limiting value of the former one to 32,768.

 

Fixed In:

13.0.1, 12.1.3, 11.6.3.2

 

Aaron

I made a mistake: we're actually running 12.1.2, so this might well be the issue.

southern_shredd
Nimbostratus
Nimbostratus

We also affected heavily by this. Is there a temporary solution that does not involve a software upgrade if you are in version 12.1.2?

 

By using a Perfomance layer 4 VIP and disabling http/2 the websites works on Chrome 80 but fails on other browsers now

 

 

I'd suggest opening a case with F5 Support to see if there is an existing hotfix for the version you're running. If so, you could apply that hotfix to avoid needing to upgrade to 12.1.3.

 

Aaron