Search code examples
sslnginxconfigurationhttp2

HTTP2 doesn't work on Nginx 1.10.1, Openssl 1.2.h and Chrome 51.0.2704.103

I generate a SSL certificates with compile-installed openssl-1.2.h (But I install the openssl-devel with yum). And here's my nginx(1.10.1) configuration. server { charset utf-8; listen 443 ssl http2; server_name localhost;

ssl on;
ssl_certificate /etc/ssl/certs/aa_2048.crt;
ssl_certificate_key /etc/ssl/certs/aa_2048.key;

#
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/private/aa_2048.dhparam;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m; 
...
}

I use chrome 51.0.2704.103 to open the link but it uses http/1.1 protocol instead of http/2.x that I suposed. So what's wrong with it?

Here's the process of openssl and nginx. --> https://github.com/AarioAi/Conf/tree/aario/Dockerfiles Not the master branch, but the branch aario.

enter image description here

enter image description here

Here's the process of openssl and nginx.

enter image description here

enter image description here

enter image description here

Solution

  • Did you compile Nginx using openssl 1.0.2h or only use that to generate the cert csr?

    Can you edit your question to add the output of "nginx -V" ?

    Guessing it was compiled using openssl 1.0.1 and Chrome requires openssl 1.0.2 or above as it needs ALPN (https://ma.ttias.be/day-google-chrome-disables-http2-nearly-everyone-may-31st-2016/).

    If HTTP/2 works for other browsers (e.g. Opera or Firefox) then that'll be the reason why.