Issues applying HTTP/2 protocol to Virtual Server

Joseph_Lindsly · ‎25-Feb-2020

We have a request by an application team to enable HTTP/2 protocol to their Virtual Servers. We were able to configure and apply it to the Non-Production Virtual servers, but when I attempted to apply the same HTTP/2 protocol to the Production Virtual Servers, it failed. I received the following error from a curl command:

curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)

I have compared both Non-Production and Production configurations and they are the same. Could someone provide me the recommended solution for enabling HTTP/2 protocol. This is the steps that i performed:

I created a new Client/Server side SSL Profiles with "renegotiation" unchecked.
I created a HTTP/2 Profile specific to the application.
I replaced the existing Client/Server side SSL profiles with the newly created profiles.
I applied the HTTP/2 profile to the virtual server.

As soon as i click the update button, i run the curl command and get the above error.

Any help would be appreciated.

Thanks,

NAG · ‎26-Feb-2020

Hi

This issue seems to be something related to content length and type.

https://forums.cpanel.net/threads/http2-stream-1-was-not-closed-cleanly.636993/

Packet captures would give you more insight in to where the problem is originating.

Hope it helps,

Nag

Joseph_Lindsly · ‎27-Feb-2020

I check the content length/type for both environments and they are the same. I will run a capture tonight. Is there a recommended syntax to add to the tcpdump command to get the most insight to the traffic?

NAG · ‎27-Feb-2020

1) You have to use a iRule to collect SSL session secrets to be used in wire-shark to decrypt the SSL traffic in captures.

Decrypting SSL traffic using the SSL::sessionsecret iRules command

https://support.f5.com/csp/article/K12783074

2) command for captures::

tcpdump -vvni 0.0:nnnp -s0 host <Client_IP>-w /var/tmp/file_name.pcap

DevCentral

Issues applying HTTP/2 protocol to Virtual Server