HTTP2 Firefox Compatibility
Aleksandar Lazic
al-nginx at none.at
Sun Sep 27 23:03:24 UTC 2015
Hi.
Am 27-09-2015 23:49, schrieb SplitIce:
> Hi All,
>
> Yesterday we discovered a possible compatibility issue with a certain
> configuration, HTTP2 and Firefox. This configuration works successfully
> in Chrome and other HTTP2 enabled browsers, however Firefox users are
> unable to connect (connection reset).
>
> The pertinent part of the configuration is a port with SSLv3 enabled in
> the supported protocols (risk associated with POODLE attack has been
> accounted and mitigated for separately).
Please can you post the output of 'nginx -V' and a anonymized config.
which version of firefox is in use?
Firefox have deactivated sslv3 by default.
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
https://www.mozilla.org/en-US/firefox/34.0/releasenotes/
Disabled SSLv3
What shows this output of "Protocol Features" for your client?
https://www.ssllabs.com/ssltest/viewMyClient.html
Which value have 'about:config' => security.tls.version.min ?
> Test configuration:
>
> server {
> listen 443 ssl http2;
> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
> [...]
> }
>
> Connect with Firefox (fail), connect with Chrome (pass).
Is it possible to use http2 with sslv3?!
http://nginx.org/en/docs/http/ngx_http_v2_module.html
##### cite from above link
Note that accepting HTTP/2 connections over TLS requires the
“Application-Layer Protocol Negotiation” (ALPN) TLS extension support,
which is available only since OpenSSL version 1.0.2. Using the “Next
Protocol Negotiation” (NPN) TLS extension for this purpose (available
since OpenSSL version 1.0.1) is not guaranteed.
#####
What show the firefox network analyzer tool?
https://developer.mozilla.org/en-US/docs/Tools/Network_Monitor
Is it possible to use debug log?
http://nginx.org/en/docs/debugging_log.html
> Regards,
> Mathew
Cheers
Aleks
More information about the nginx-devel
mailing list