HTTP/2 and HTTPS

steve steve at greengecko.co.nz
Wed Mar 16 06:00:22 UTC 2016 

On 03/16/2016 06:33 AM, Roswebnet wrote:
>> None of the links above mention that IE supports HTTP/2 negotiation
>> using NPN.
> Agree.
>
>> I guess it supports only ALPN, which isn't supported by OpenSSL
>> version in your Ubuntu 15.10.
> I have just researched installed openssl.
>
> root at LIA-RP-VS-WEB:/etc/nginx/tls# openssl version -a -v -b -o -f -p -d
> OpenSSL 1.0.2g  1 Mar 2016
> built on: reproducible build, date unspecified
> platform: debian-amd64
> options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
> compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS
> -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2
> -fstack-protector-strong -Wformat -Werror=format-security
> -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack
> -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
> -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
> -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
> -DGHASH_ASM -DECP_NISTZ256_ASM
> OPENSSLDIR: "/usr/lib/ssl"
>
> According this note: https://www.openssl.org/news/openssl-1.0.2-notes.html
>
> Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:
> [..]
> •ALPN support.
>
> Therefore, ALPN is supported and should work with IE. Am I right?
> Actually I should have OpenSSL 1.0.2d
>
> In addition, the LIA-RP-VS-WEB is a XEN guest.
>
> Thank you for your tip about chrome. I can see and investigate the protocol
> information:
>
> 454: HTTP2_SESSION
> 192.168.100.163:443 (DIRECT)
> Start Time: 2016-03-15 18:13:13.832
>
> t=1138095 [st=     0] +HTTP2_SESSION  [dt=180146]
>                         --> host = "192.168.100.163:443"
>                         --> proxy = "DIRECT"
> t=1138095 [st=     0]    HTTP2_SESSION_INITIALIZED
>                           --> protocol = "h2"
>                           --> source_dependency = 453 (SOCKET)
> t=1138095 [st=     0]    HTTP2_SESSION_SEND_SETTINGS
>
> [..]
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,265326,265365#msg-265365
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
Have you checked the server directly? I don't have intimate knowledge of 
http2 so rely on Qualys to tell me when I've got it set up properly...

https://www.ssllabs.com/ssltest/analyze.html?d=www.greengecko.co.nz&s=101.0.108.116&latest

Works fine for me... nginx 1.9.12 + openssl 1.0.2g. ( note g, not d is 
current ). Built from source.

Steve

-- 
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa

More information about the nginx mailing list