cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Issues applying HTTP/2 protocol to Virtual Server

Joseph_Lindsly
Nimbostratus
Nimbostratus

We have a request by an application team to enable HTTP/2 protocol to their Virtual Servers. We were able to configure and apply it to the Non-Production Virtual servers, but when I attempted to apply the same HTTP/2 protocol to the Production Virtual Servers, it failed. I received the following error from a curl command:

 

curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)

 

I have compared both Non-Production and Production configurations and they are the same. Could someone provide me the recommended solution for enabling HTTP/2 protocol. This is the steps that i performed:

 

  1. I created a new Client/Server side SSL Profiles with "renegotiation" unchecked.
  2. I created a HTTP/2 Profile specific to the application.
  3. I replaced the existing Client/Server side SSL profiles with the newly created profiles.
  4. I applied the HTTP/2 profile to the virtual server.

 

As soon as i click the update button, i run the curl command and get the above error.

 

Any help would be appreciated.

 

Thanks,

3 REPLIES 3

NAG
Cirrostratus
Cirrostratus

Hi

 

This issue seems to be something related to content length and type.

 

https://forums.cpanel.net/threads/http2-stream-1-was-not-closed-cleanly.636993/

 

Packet captures would give you more insight in to where the problem is originating.

 

Hope it helps,

Nag

Joseph_Lindsly
Nimbostratus
Nimbostratus

I check the content length/type for both environments and they are the same. I will run a capture tonight. Is there a recommended syntax to add to the tcpdump command to get the most insight to the traffic?

 

1) You have to use a iRule to collect SSL session secrets to be used in wire-shark to decrypt the SSL traffic in captures.

 

Decrypting SSL traffic using the SSL::sessionsecret iRules command

https://support.f5.com/csp/article/K12783074

 

2) command for captures::

tcpdump -vvni 0.0:nnnp -s0 host <Client_IP>-w /var/tmp/file_name.pcap