Reputation: 606
Latest Nginx with OpenSSL 1.0.2 still won't deliver http/2
I have a server running Ubuntu 16.04 LTS with Nginx 1.112 built with OpenSSL 1.0.2h, and according a number of HTTP/2 support verficiation tools, like this one, the server is properly configured for HTTP/2 with ALPN. Yet in the latest Chrome (51.0.2704.106 (64-bit)), a reqest to the server returns with protocol http/1.1 and not h2:
I've read a number of posts here, like this one noting that Nginx built with OpenSSL versions pre 1.0.2 do not support ALPN. But I am running 1.0.2h.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial
$ nginx -V
nginx version: nginx/1.11.2
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.1)
built with OpenSSL 1.0.2h 3 May 2016
TLS SNI support enabled
$ openssl version
OpenSSL 1.0.2h 3 May 2016
Qualys SSL Labs 'SSL Server Test' gives the domain an A+ SSL rating. I used Let's Encrypt to create the cert, via the method referenced here.
Could it still be an Nginx certificate configuration issue?
Any and all help greatly appreciated.
Upvotes: 1
Views: 599
Answers (1)
Reputation: 606
After all that, I was able to discover that it was a local issue. My antivirus application, Avast Mac Security, was preventing the protocol upgrade. Disabled it, and h2 is used.
BazzaDP's answer on this question is what led me to discovery:
Upvotes: 2
Related Questions
- Get Nginx work with updated openssl
- Nginx-1.19.6 + Openssl 1.1.1i - Can't do SSL handshake
- NGINX not supporting tls1.2 ciphers
- Lets Encrpt Nginx on ubuntu update
- NGINX server config with Lets Encrypt SSL, HTTP 2, and redirects
- SSL Let's Encrypt installation not working on NGINX at AWS EC2
- Nginx http2_push issue
- certificate from Let's Encrypt fails to renew
- NGINX won't listen on port 443
- HTTP2 doesn't work on Nginx 1.10.1, Openssl 1.2.h and Chrome 51.0.2704.103