HTTP/2 and HTTPS

Roswebnet nginx-forum at forum.nginx.org
Tue Mar 15 17:33:31 UTC 2016


>None of the links above mention that IE supports HTTP/2 negotiation
>using NPN.

Agree.

> I guess it supports only ALPN, which isn't supported by OpenSSL
> version in your Ubuntu 15.10.

I have just researched the installed openssl.

root@LIA-RP-VS-WEB:/etc/nginx/tls# openssl version -a -v -b -o -f -p -d
OpenSSL 1.0.2g  1 Mar 2016
built on: reproducible build, date unspecified
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2
-fstack-protector-strong -Wformat -Werror=format-security
-D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack
-Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
-DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/lib/ssl"

According to this note: https://www.openssl.org/news/openssl-1.0.2-notes.html

Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:
[..]
•ALPN support.

Therefore, ALPN is supported and should work with IE. Am I right?
Actually I should have OpenSSL 1.0.2d 

In addition, the LIA-RP-VS-WEB is a XEN guest. 

Thank you for your tip about Chrome. I can see and investigate the protocol
information:

454: HTTP2_SESSION
192.168.100.163:443 (DIRECT)
Start Time: 2016-03-15 18:13:13.832

t=1138095 [st=     0] +HTTP2_SESSION  [dt=180146]
                       --> host = "192.168.100.163:443"
                       --> proxy = "DIRECT"
t=1138095 [st=     0]    HTTP2_SESSION_INITIALIZED
                         --> protocol = "h2"
                         --> source_dependency = 453 (SOCKET)
t=1138095 [st=     0]    HTTP2_SESSION_SEND_SETTINGS

[..]

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,265326,265365#msg-265365
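
An added example, not part of the original post: a server negotiates ALPN with the OpenSSL library it was built and linked against, which can differ from the one the `openssl` command reports, so this check compares the two. The nginx output below is constructed for illustration (capture the real one with `nginx -V 2>&1`), and the function names are hypothetical.

```python
import re

# ALPN arrived in OpenSSL 1.0.2 (per the release notes quoted in the post).
ALPN_MIN = (1, 0, 2)
_VER = re.compile(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)")

# First line of the `openssl version` output shown in the post.
CLI_OUT = "OpenSSL 1.0.2g  1 Mar 2016\nplatform: debian-amd64\n"

# Constructed sample of `nginx -V` output (versions are made up).
NGINX_V_OUT = (
    "nginx version: nginx/x.y.z\n"
    "built with OpenSSL 1.0.1f 6 Jan 2014\n"
    "TLS SNI support enabled\n"
)


def parse_versions(text):
    """Return every OpenSSL version in text as ((major, minor, fix), letter)."""
    return [((int(a), int(b), int(c)), letter)
            for a, b, c, letter in _VER.findall(text)]


def alpn_report(openssl_cli_out, nginx_v_out):
    """Compare the CLI's OpenSSL with the one named in `nginx -V` output."""
    cli = parse_versions(openssl_cli_out)
    ngx = parse_versions(nginx_v_out)
    if not cli or not ngx:
        raise ValueError("no OpenSSL version string found in input")
    built = ngx[0]                               # "built with OpenSSL ..."
    running = ngx[1] if len(ngx) > 1 else built  # "(running with ...)" if shown
    return {
        "cli": cli[0],
        "nginx_built": built,
        "nginx_running": running,
        "cli_has_alpn": cli[0][0] >= ALPN_MIN,
        "nginx_built_has_alpn": built[0] >= ALPN_MIN,
        "nginx_running_has_alpn": running[0] >= ALPN_MIN,
        "mismatch": cli[0] != built,  # CLI and nginx build disagree
    }


if __name__ == "__main__":
    for key, value in alpn_report(CLI_OUT, NGINX_V_OUT).items():
        print(f"{key}: {value}")
```

A `mismatch` with `nginx_built_has_alpn` false means the `openssl version` result says nothing about what the web server can negotiate.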


