Reputation: 111
I've set up https on nginx with "Let's Encrypt" but it's unclear if http2 is used when accessing the site.
I enable http2 by adding listen [::]:443 ssl http2 default_server; to the nginx config
I check the protocol for the site in Chrome Developer Tools (View -> Developer -> Developer Tools): I reload the page (View -> Reload This Page), then navigate to the Network tab, click on the table header row that starts with Name, right-click on it, and select the Protocol option.
It says http/1.1 instead of h2 for http2. But for my Google font, which is accessed via google.com, it says h2. And when checking the domain at https://tools.keycdn.com/http2-test it says that the site supports http2.
When I run curl --http2 -I https://example.com/ I get curl: (1) Unsupported protocol
So I am a bit confused here.
Do I need to do anything more to make it work with http2?
Here is my complete NGINX config file:
    server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        include snippets/ssl-www.example.com.conf;
        include snippets/ssl-params.conf;
        root /var/www/html;
        index index.php index.html index.htm;
        server_name example.com;
        #Password protects the test subdomain
        ## auth_basic "Restricted Content";
        ## auth_basic_user_file /etc/nginx/.htpasswd;
        location ~ /.well-known {
            allow all;
        }
        location / {
            try_files $uri $uri/ /index.php$is_args$query_string;
            # include /etc/nginx/naxsi.rules
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }
            # Mitigate https://httpoxy.org/ vulnerabilities
            fastcgi_param HTTP_PROXY "";
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            include fastcgi_params;
        }
        location ~ \.php$ {
            #match actual filename with extension or file not found
            #try_files $uri $uri =404;
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
    }
    server {
        listen [::]:80 default_server ipv6only=on;
        listen 80 default_server;
        server_name www.example.com;
        return 301 https://example.com$request_uri;
    }
For your info I followed this tutorial when setting up Let's Encrypt: digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
nginx version: nginx/1.10.0 (Ubuntu 16.04)
I'm testing on Windows 10 latest Chrome
ssllabs.com/ssltest shows: TLS 1.2 Yes, TLS 1.1 Yes, TLS 1.0 Yes, SSL 3 No, SSL 2 No
Handshake Simulation IE 11 / Win 10 R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp384r1 FS
Protocol Details: SSL 2 handshake compatibility Yes HTTP Requests: (HTTP/1.1 200 OK) NPN Yes h2 http/1.1
Upvotes: 1
Views: 2206
Reputation: 2804
For people still looking and haven't read through the comments:
try disabling Bitdefender SSL Scanning or Bitdefender Encrypted web scan.
@BazzaDP Ah issued by Bitdefender...!... :-) It seems you are right... – Gabriel Jan 29 '17 at 8:54 1
Mystery solved! When I disable SSL scanning in Bitdefender my site now shows h2..!.. So the code was correct all the time, just my Antivirus program... Thanks @BazzaDP !!! – Gabriel Jan 29 '17 at 9:20
Upvotes: 0
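The comments above trace the http/1.1 result to a certificate "issued by Bitdefender". As an added example (not code from the original posts), this Python check reports the ALPN protocol and certificate issuer that a client on the affected machine actually sees. The function names, the expected issuer string "Let's Encrypt" and the two sample certificates are assumptions constructed for illustration.

```python
import socket
import ssl
import sys

# Constructed sample certificates in the shape ssl.getpeercert() returns.
DIRECT_CERT = {"issuer": ((("countryName", "US"),),
                          (("organizationName", "Let's Encrypt"),),
                          (("commonName", "Let's Encrypt Authority X3"),))}
INTERCEPTED_CERT = {"issuer": ((("organizationName", "Bitdefender"),),
                               (("commonName", "Bitdefender Personal CA"),))}

def issuer_fields(cert):
    """Flatten the nested issuer RDN tuples from getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def probe(host, port=443, timeout=5.0):
    """Offer h2 and http/1.1 via ALPN; return (negotiated protocol, issuer)."""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.selected_alpn_protocol(), issuer_fields(tls.getpeercert())

def diagnose(alpn, issuer, expected_issuer):
    """Classify what the client saw against the CA that issued the real cert."""
    seen = " ".join(issuer.get(k, "") for k in ("organizationName", "commonName"))
    if expected_issuer.lower() not in seen.lower():
        # Something between client and server terminated TLS and re-signed the
        # certificate, so the negotiated protocol is the interceptor's choice.
        return "intercepted"
    if alpn != "h2":
        # Certificate is the real one, yet h2 was not selected: look at the
        # server side (listen ... http2, ALPN support in its TLS library).
        return "no-h2"
    return "ok"

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    alpn, issuer = probe(host)
    print(host, "ALPN:", alpn, "issuer:", issuer)
    print("verdict:", diagnose(alpn, issuer, "Let's Encrypt"))
```

Run it on the machine where the browser shows http/1.1 and compare the verdict with a run from a host that has no TLS-scanning product installed.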