尽管“升级"功能不会将浏览器升级到h2(HTTP/2).标头已发送 [英] Browser won't upgrade to h2 (HTTP/2) although "Upgrade" headers are sent
问题描述
我正在尝试使h2(HTTP/2)在我的Web服务器上工作.通过"ondrej"安装Apache 2.4.20.资料库.我在Debian 8和Ubuntu 14.04服务器上进行了测试,但是仍然遇到相同的问题.我正在运行OpenSSL 1.0.2和SSL虚拟主机.
I'm trying to get h2 (HTTP/2) to work on my webserver. Installed Apache 2.4.20 via the "ondrej" repository. I tested on a Debian 8 and Ubuntu 14.04 server, but I keep running into the same problems. I have OpenSSL 1.0.2 and SSL vhosts running.
奇怪的是,发送了升级头(连接:升级和升级:h2).当我进行一些外部服务器测试时,得到的响应是h2在ALPN支持下运行正常.但是问题是我测试过的浏览器(Win7上的Chrome和FireFox)无法升级到h2.
The strange thing is that the upgrade headers (Connection: upgrade and Upgrade: h2) are sent. When I do some external server testing I get the responses that h2 is running properly with ALPN support. But the problem is the browsers I tested on (Chrome and FireFox on Win7) won't upgrade to h2.
我注意到缺少的一件事是HTTP/2-Settings标头,但我在任何Apache文档中都找不到实现该标头或强制Apache发送此标头的东西.
One thing which I noticed which is missing is the HTTP/2-Settings header, but I can't find anything in any Apache documentation to implement this or force Apache to send this header.
可悲的是,我无法使用cUrl进行测试,因为我可以访问的服务器不支持任何支持HTTP/2的版本.
Sadly I couldn't test with cUrl, since the servers I have access to don't support any version which has HTTP/2 support.
我的SSL虚拟主机设置:
My SSL vhost settings:
Protocols h2 http/1.1
SSLEngine On
SSLCACertificateFile xxxxxxxx
SSLProtocol all -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RSA+AES RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4 !AES128"
Header always set Strict-Transport-Security "max-age=15552000;includeSubDomains"
SSLCertificateFile xxxxxxxx
SSLCertificateKeyFile xxxxxxxx
我正在使用prefork模块而不是使用worker运行Apache.
I'm running Apache with the prefork module instead of with workers.
谁能告诉我怎么了?
推荐答案
最后,我开始使用它了.只需将"SSLChiperSuite"更改为以下字符串即可:
In the end I got it to work. It was a matter of changing the "SSLChiperSuite" to this string:
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSADS-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-A $
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-A$
旧的-可以这么说-阻止了http2的选项.我的SSL测试等级仍然是A +.
The old one had - so to speak - an option which blocked http2. My SSL test rating is still A+ btw.
这篇关于尽管“升级"功能不会将浏览器升级到h2(HTTP/2).标头已发送的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
