Login/Register
Why doesn't Chrome browser recognize my http2 server?
Asked Answered
Solved google-chromenginxwebserverhttp2
S

3

11

I setup my Nginx conf as per Digital Ocean paper, and now http2 is available.

But in Chrome (Version 54.0.2840.98 (64-bit)) Dev tool, it's always on HTTP 1/1:

NAME             METHOD  STATUS  PROTOCOL
shell.js?v=xx..    GET    200     http/1/1

My server is running Ubuntu 16.04 LTS which supports both ALPN & NPN, and the openssl version shipped with it is 1.0.2g.

I checked http2 support with this tool site and the result is:

Yeah! example.com supports HTTP/2.0. ALPN supported...

Also checking with curl is OK:

 $ curl -I --http2 https://www.example.com
  HTTP/2 200 
  server: nginx/1.10.0 (Ubuntu)
  date: Tue, 13 Dec 2016 15:59:13 GMT
  content-type: text/html; charset=utf-8
  content-length: 5603
  x-powered-by: Express
  cache-control: public, max-age=0
  etag: W/"15e3-EUyjnNnyevoQO+tRlVVZxg"
  vary: Accept-Encoding
  strict-transport-security: max-age=63072000; includeSubdomains
  x-frame-options: DENY
  x-content-type-options: nosniff

I also checked with is-http2 cli from my console:

is-http2 www.amazon.com
× HTTP/2 not supported by www.amazon.com
Supported protocols: http/1.1

is-http2 www.example.com
✓ HTTP/2  supported by www.example.com
Supported protocols: h2 http/1.1

Why doesn't Chrome recognise it?

How can I check it also with Safari (v 10.0.1)?

Soper answered 13/12, 2016 at 7:56 Comment(2)
Stack Overflow is for programming questions. Server software support is better handled on Server Fault (but read their rules first!).Sundial
ok thanks, did not know about it ... moved my question.. and I'll close the oneSoper
C
33

Will likely be one of two reasons:

  1. You are using anti-virus software and it is MITM your traffic and so downgrading you to HTTP/1.1. Turn off https traffic monitoring on your AV to connect directly to the server. You can check if this is the case by using an online tool to test your site for HTTP/2 support.

  2. You are using older TLS ciphers and specifically one that Chrome disallows for HTTP/2 (https://http2.github.io/http2-spec/#BadCipherSuites) as per Step 5 of above guide. Scan your site using https://www.ssllabs.com/ssltest/ to check your TLS config and improve it.

The third reason is lack of ALPN support in your SSL/TLS library (i.e. You are using openssl 1.0.1 and need to be one 1.0.2 or later, for example) but you have already confirmed you have ALPN support so skipping that for this answer.

Connaught answered 13/12, 2016 at 19:20 Comment(3)
@BassaDP, thanks .. already commented your answer ( I am running an anti-virus , excluding my example.com domain solved this issue) .. Sorry for X-posting this question , as it was suggested by Colonel thirty Two !Soper
I can also confirm that this can be caused by ones anti-virus software. In my case, it was eset that was causing the issue. Disabling "Enable HTTPS checking" under "Web Access Protection"->"Web Protocols" allowed http/2 to work (unfortunately adding the address to their white list didn't seem to solve the issue).Simpleminded
Bitdefender (free) also causes this problem. Worst, it doesn't offer an option to turn only the https protection off.Kinsler
I
0

I had the same issue. I my case it was because I enabled TLS1.3 in NGINX. See Why is my site not using http/2 while it is http/2 enabled

Immunochemistry answered 10/7, 2019 at 11:18 Comment(0)
M
-1

In my case, chrome generated following excerpt in chrome-net-export-log.json file.

HTTP2_SESSION_RECV_INVALID_HEADER
--> error = "Invalid character in header name."
--> header_name = "x-xss-protection:"
--> header_value = "1; mode=block"


After removing : from the header name, the problem was resolved.

Monophonic answered 8/3, 2021 at 12:30 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.