{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 三岁会撩人 的问题《Browser won't upgrade to H2 altough “Upgrade”》','https://www.manongdao.com/q-800972.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
On my webserver I'm trying to get H2 (http2) to work. Installed Apache 2.4.20 via the "ondrej" repository. I tested on a Debian 8 and Ubuntu 14.04 server, but I keep running into the same problems. I have OpenSSL 1.0.2 and SSL vhosts running.
The strange thing is that the upgrade headers (Connection: upgrade and Upgrade: h2) are sent. When I do some external server testing I get the responses that h2 is running properly with ALPN support. But the problem is the browsers I tested on (Chrome and FireFox on Win7) won't upgrade to H2.
One thing which I noticed which is missing is the HTTP2-Settings header, but I can't find anything in any Apache documentation to implement this or force Apache to send this header.
Sadly I couldn't test with cUrl, since the servers I have access to don't support any version which has http2 support.
My SSL vhost settings:
Protocols h2 http/1.1
SSLEngine On
SSLCACertificateFile xxxxxxxx
SSLProtocol all -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RSA+AES RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4 !AES128"
Header always set Strict-Transport-Security "max-age=15552000;includeSubDomains"
SSLCertificateFile xxxxxxxx
SSLCertificateKeyFile xxxxxxxx
I'm running Apache with the prefork module instead of with workers.
Who can tell me what's wrong?
In the end I got it to work. It was a matter of changing the "SSLChiperSuite" to this string:
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-A$
The old one had - so to speak - an option which blocked http2. My SSL test rating is still A+ btw.
I have the same problem, so i tried out your "solution". But with this cipherSuite-Code most of all IEs, Androids und Safari will be blocked because of "handshake_failure"!
It testet on https://www.ssllabs.com/ssltest/analyze.html
Do you know which of the cipherSuite-entries did block the HTTP2 (ALPN not available)?
You cannot upgrade to the
h2protocol.The HTTP/1.1 upgrade mechanism is something that is initiated by clients.
If I understood you correctly, and you're trying to send the
Upgradeand theHTTP2-Settingsheaders from server to client, then that does not make sense. Clients send those headers, not the server.Furthermore, while the HTTP/2 protocol itself allows for clear-text communication via a HTTP/1.1 upgrade to
h2c(note thecat the end of the protocol name), browser vendors have not implemented this mechanism and only use the HTTP/2 protocol after ALPN negotiation.In summary:
h2c), but only with non-browser clients such as nghttp. This is explained here.UpgradeandHTTP2-Settingsheaders, not the server.h2). This means that you cannot have clear-text HTTP/2 between a browser and a server.prefork
You mentioned, that you use prefork mpm. The Apache webserver will not use HTTP/2 if configured with the prefork mpm, it will default back to HTTP 1.1.
While this may have worked at the time the question is asked, this will not work currently. Use a different mpm or switch to php-pm and worker or event.
HTTPS
As already mentioned in one of the answers, encryption can be an issue. The server should be configured correctly for HTTPS and requests should be served over HTTPS.