{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 来,给爷笑一个 的问题《Why HTTP/2 on a specific site works in FF, but doe》','https://www.manongdao.com/q-391512.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have a site, that runs on a Nginx 1.10.0 on Ubuntu 16.04 server (OpenSSL 1.0.2h). I want to serve this site over HTTP/2, so I configured Nginx accordingly:
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server
And it works fine in FF 47 and Chrome 51 on my office Ubuntu 15.10 desktop and in the same browsers on my home Ubuntu 15.10 desktop.
However on my home Windows 10 desktop and laptop HTTP/2 works only in FF. Chrome 51, IE 11 and Edge are using HTTP/1.1 on this site.
So, I'm baffled. This service says, that my site supports HTTP/2 and ALPN (which is required for HTTP/2 to work in Chrome since version 51).
Chrome versions and capabilities are exactly the same:
HTTPS works, and Security panel in Chrome Dev Tools shows, that everything is secured.
This demo in Chrome, IE and Edge displays message "This browser is not HTTP/2 enabled.", and "Your browser supports HTTP/2!" in FF. But HTTP/2 on medium.com works just fine in all of this browsers.
So, my question is: what's going on and how to fix this?
Are you using antivirus software (e.g. Avast) and is it inspecting your HTTPS traffic?
It does this by acting like a MITM so you connect it it and it connects to the real website. And if they only support http/1 (which as far as I know they only do) then that would explain this. Though oddly not for for Medium unless you have an exception for this.
Should be easy enough to check by looking at the HTTPS cert when visiting the site to see if it was "issued" by your local Avast server.
If not that then suggest you look at your ciphers as HTTP/2 is picky about which ones it uses. Anything weird showing on https://www.ssllabs.com/servertest for your site? What cipher is it using for Chrome?