user762579

Why doesn't Chrome browser recognize my http2 server?

I set up my Nginx conf as per the Digital Ocean paper, and now http2 is available.

But in Chrome (Version 54.0.2840.98 (64-bit)) Dev tool, it's always on HTTP 1/1:

NAME             METHOD  STATUS  PROTOCOL
shell.js?v=xx..    GET    200     http/1/1

My server is running Ubuntu 16.04 LTS which supports both ALPN & NPN, and the openssl version shipped with it is 1.0.2g.

I checked http2 support with this tool site and the result is:

Yeah! example.com supports HTTP/2.0. ALPN supported...

Also checking with curl is OK:

 $ curl -I --http2 https://www.example.com
  HTTP/2 200 
  server: nginx/1.10.0 (Ubuntu)
  date: Tue, 13 Dec 2016 15:59:13 GMT
  content-type: text/html; charset=utf-8
  content-length: 5603
  x-powered-by: Express
  cache-control: public, max-age=0
  etag: W/"15e3-EUyjnNnyevoQO+tRlVVZxg"
  vary: Accept-Encoding
  strict-transport-security: max-age=63072000; includeSubdomains
  x-frame-options: DENY
  x-content-type-options: nosniff

I also checked with is-http2 cli from my console:

is-http2 www.amazon.com
× HTTP/2 not supported by www.amazon.com
Supported protocols: http/1.1

is-http2 www.example.com
✓ HTTP/2  supported by www.example.com
Supported protocols: h2 http/1.1

Why doesn't Chrome recognise it?

How can I check it also with Safari (v 10.0.1)?

Upvotes: 11

Views: 22101

Answers (3)

user15353646

Reputation: 1

In my case, Chrome generated the following excerpt in the chrome-net-export-log.json file.

HTTP2_SESSION_RECV_INVALID_HEADER
--> error = "Invalid character in header name."
--> header_name = "x-xss-protection:"
--> header_value = "1; mode=block"


After removing : from the header name, the problem was resolved.

Upvotes: -1

Peter de Bruijn

Reputation: 822

I had the same issue. In my case it was because I enabled TLS1.3 in NGINX. See Why is my site not using http/2 while it is http/2 enabled

Upvotes: 0

Barry Pollard

Reputation: 45905

Will likely be one of two reasons:

  1. You are using anti-virus software and it is MITMing your traffic and so downgrading you to HTTP/1.1. Turn off https traffic monitoring on your AV to connect directly to the server. You can check if this is the case by using an online tool to test your site for HTTP/2 support.

  2. You are using older TLS ciphers and specifically one that Chrome disallows for HTTP/2 (https://http2.github.io/http2-spec/#BadCipherSuites) as per Step 5 of above guide. Scan your site using https://www.ssllabs.com/ssltest/ to check your TLS config and improve it.

The third reason is lack of ALPN support in your SSL/TLS library (i.e. you are using openssl 1.0.1 and need to be on 1.0.2 or later, for example) but you have already confirmed you have ALPN support so skipping that for this answer.

Upvotes: 33
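
An added example, not part of any answer above: a Python check for the ALPN and cipher causes described in the accepted answer, run from the machine where the browser shows HTTP/1.1. The function names are hypothetical, and `h2_cipher_ok` is an approximation of the rule behind the HTTP/2 bad-cipher list (ephemeral key exchange plus an AEAD cipher), not a copy of the list itself.

```python
import socket
import ssl
import sys

AEAD = ("GCM", "CCM", "CHACHA20")  # AEAD markers in OpenSSL and IANA suite names
EPHEMERAL = ("ECDHE-", "DHE-", "TLS_ECDHE_", "TLS_DHE_")


def h2_cipher_ok(name):
    """Approximate the rule behind the HTTP/2 bad-cipher list: a suite is
    acceptable only with ephemeral key exchange and an AEAD cipher."""
    aead = any(marker in name for marker in AEAD)
    if name.startswith("TLS_") and "_WITH_" not in name:
        return aead  # TLS 1.3 suite: key exchange is always ephemeral
    return aead and name.startswith(EPHEMERAL)


def diagnose(alpn, cipher_name):
    """Classify one handshake result (ALPN protocol, cipher suite name)."""
    if alpn != "h2":
        return "no-h2-alpn"  # server or an intercepting proxy did not select h2
    if not h2_cipher_ok(cipher_name):
        return "bad-cipher-for-h2"
    return "ok"


def probe(host, port=443, ciphers=None):
    """Handshake with `host`, offering h2 and http/1.1 via ALPN.
    `ciphers` is an optional OpenSSL cipher string to imitate another client."""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    if ciphers:
        ctx.set_ciphers(ciphers)
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            alpn = tls.selected_alpn_protocol()
            name, version, _bits = tls.cipher()
    return alpn, name, version, diagnose(alpn, name)


if __name__ == "__main__":
    # Usage: python h2check.py www.example.com
    print(probe(sys.argv[1]))
```

The result depends on the cipher list the client offers, so a clean result from Python's default list does not rule out a weaker suite being negotiated by a different client.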
