Category Archives: alpn

Browser won’t upgrade to H2 altough "Upgrade" headers are sent

On my webserver I'm trying to get H2 (http2) to work. Installed Apache 2.4.20 via the "ondrej" repository. I tested on a Debian 8 and Ubuntu 14.04 server, but I keep running into the same problems. I have OpenSSL 1.0.2 and SSL vhosts running.

The strange thing is that the upgrade headers (Connection: upgrade and Upgrade: h2) are sent. When I do some external server testing I get the responses that h2 is running properly with ALPN support. But the problem is the browsers I tested on (Chrome and FireFox on Win7) won't upgrade to H2.

One thing which I noticed which is missing is the HTTP2-Settings header, but I can't find anything in any Apache documentation to implement this or force Apache to send this header.

Sadly I couldn't test with cUrl, since the servers I have access to don't support any version which has http2 support.

My SSL vhost settings:

Protocols h2 http/1.1
SSLEngine On
SSLCACertificateFile xxxxxxxx
SSLProtocol all -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RSA+AES RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4 !AES128"
Header always set Strict-Transport-Security "max-age=15552000;includeSubDomains"
SSLCertificateFile xxxxxxxx
SSLCertificateKeyFile xxxxxxxx

I'm running Apache with the prefork module instead of with workers.

Who can tell me what's wrong?