Disabling HTTP/2 / SPDY in HTTP.SYS and IIS in Windows 10
Asked Answered
T

1

13

When testing on Windows 10 we were seeing lots of browser incompatibilities that I hadn't seen before with earlier Windows versions. Some browsers would work, but others would report ERR_SPDY_PROTOCOL_ERROR. My quick search for this problem showed I was not alone.

My app uses WWSAPI and HTTP.SYS with HTTPS (TLS). Does anyone know how to disable SPDY / HTTP/2 in WWSAPI (which is using HTTP.SYS) on Windows 10?

I'd also love to get a full up-to-date Windows 10 list of registry settings for HTTP.SYS.

See below for my answer to this. Hope this helps others too.

Mark

Toothpaste answered 30/7, 2015 at 8:17 Comment(4)
This is a Q&A site. So if you have something that's on-topic for StackOverflow and hasn't already been answered, post a question where you formulate the problem that you initially had, and then post an answer to that question where you describe the solution.Darceldarcey
Separate from just disabling HTTP/2, I'd like to understand why your WWSAPI is generating ERR_SPDY_PROTOCOL_ERROR in (I presume) Chrome. Do you have a WWSAPI sample that shows that happening?Skillern
That is a Chromium error. We're currently seeing it in Opera, Chrome and Vivaldi. In our case because I think somebody is sending a signal we're providing http2 when we're not.Whacky
Possible duplicate of How to disable HTTP/2 on IIS of Windows 10Lefthander
C
21

EDIT: disabling HTTP/2 will significantly slow down the speed of your website, this is not a permanent solution. The problem turned out to be caused by our webapp sending a wrong authentication header to the server.

To still disable HTTP/2, see below.

(OP gave a helpful answer, but in the question. I moved the answer):

I did work around my HTTP/2 problem by configuring Windows 10 HTTP.SYS in the registry to disable HTTP/2. Given that I didn't find info anywhere, I thought I'd share my solution to that problem here too. I would like to find a way of doing this through WWSAPI though.

If I turned off SPDY support in the client browser, it would work but I wanted to turn this off at the server side (HTTP.SYS on Windows 10) so that it wouldn't negotiate HTTP/2 but would use the older more compatible HTTP(S).

Discovered two new registry settings for HTTP.SYS in:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

  • EnableHttp2Tls REG_DWORD 0
  • EnableHttp2Cleartext REG_DWORD 0

Adding these values and setting both to 0 in Windows 10 resulted in HTTP/2 / SPDY not being negotiated and my ERR_SPDY_PROTOCOL_ERROR problems went away without requiring browser configuration changes. I'm not suggesting there is anything wrong with Windows 10 HTTP/2, the problems may be with certain browsers.

This may work for IIS too, but I don't use that so I haven't tried and in any case there may be a better way to do this in IIS.

Hope this helps others too.

I can confirm this helps for IIS too, but I had to restart my computer.

Cornetist answered 12/8, 2015 at 21:21 Comment(8)
After setting the registry values and restarting my computer, I found out the the root cause of my SPDY issue was a connection reset coming from the server.Abaddon
Although now I'm wondering, What if we want to shut off SPDY but not HTTP/2?Precipitant
@EddieLoeffen Care to elaborate?Tragus
@Tragus disabling SDPY on my computer forced connections to use HTTP/1.1 again. When I ran the same API call that was previously returning ERR_SPDY_PROTOCOL_ERROR, Chrome now told me the connection was reset. After fixing the bug causing a connection reset, I could re-enable SPDY without getting a protocol error.Abaddon
@EddieLoeffen Aha! Thanks!Tragus
I, too, can confirm this works for Windows Server 2014 running IIS 10.0. It appears that HTTP/2, in conjunction with certain ciphers, causes modern browsers to throw a security exception. Disabling HTTP/2 fixes this issue by forcing IIS to use TLS 1.2 with the same ciphers. This is apparently more secure than the HTTP/2 option flag on.Araucania
Is there a way to turn off just SPDY and not HTTP2? @AraucaniaSelfeffacement
@EddieLoeffen what was the bug causing connection reset?Saenz

© 2022 - 2024 — McMap. All rights reserved.