Forum Discussion

Joseph_Lindsly's avatar
Feb 25, 2020

Issues applying HTTP/2 protocol to Virtual Server

We have a request by an application team to enable HTTP/2 protocol to their Virtual Servers. We were able to configure and apply it to the Non-Production Virtual servers, but when I attempted to apply the same HTTP/2 protocol to the Production Virtual Servers, it failed. I received the following error from a curl command:

 

curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)

 

I have compared both Non-Production and Production configurations and they are the same. Could someone provide me the recommended solution for enabling HTTP/2 protocol. This is the steps that i performed:

 

  1. I created a new Client/Server side SSL Profiles with "renegotiation" unchecked.
  2. I created a HTTP/2 Profile specific to the application.
  3. I replaced the existing Client/Server side SSL profiles with the newly created profiles.
  4. I applied the HTTP/2 profile to the virtual server.

 

As soon as i click the update button, i run the curl command and get the above error.

 

Any help would be appreciated.

 

Thanks,

3 Replies

  • I check the content length/type for both environments and they are the same. I will run a capture tonight. Is there a recommended syntax to add to the tcpdump command to get the most insight to the traffic?

    • NAG's avatar
      NAG
      Icon for Cirrostratus rankCirrostratus

       

      1) You have to use a iRule to collect SSL session secrets to be used in wire-shark to decrypt the SSL traffic in captures.

       

      Decrypting SSL traffic using the SSL::sessionsecret iRules command

      https://support.f5.com/csp/article/K12783074

       

      2) command for captures::

      tcpdump -vvni 0.0:nnnp -s0 host <Client_IP>-w /var/tmp/file_name.pcap