Reputation: 69
I'm having an issue getting HTTP/2 working on our server. Below is our configuration:
# httpd -v
Server version: Apache/2.4.34 (IUS)
# apachectl -M
Loaded Modules:
....
http2_module (shared)
....
mpm_event_module (shared)
# more vhost.conf
....
SSLEngine on
SSLCipherSuite AES256-SHA:AES128-SHA:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA
SSLProtocol TLSv1.2
....
Protocols h2 h2c http/1.1
I've read on numerous posts that this could be an issue with mpm_prefork, but as you can see, we're using mpm_event. Also read that it could be an issue with a blacklisted SSLCipherSuite, but none of the ones we're using are on the blacklist. Looking at the headers, I do see the upgrade:
Version: HTTP/1.1
....
Upgrade h2,h2c
This should be working, but every online test we run tells us that our server doesn't support HTTP/2. Any help would be greatly appreciated.
Upvotes: 0
Views: 711
Reputation: 46040
Also read that it could be an issue with a blacklisted SSLCipherSuite, but none of the ones we're using are on the blacklist.
All of them are on the blacklist!
AES256-SHA is TLS_RSA_WITH_AES_256_CBC_SHA, for example, as can be seen here: https://testssl.sh/openssl-rfc.mapping.html
Use the Mozilla SSL config generator to pick a better cipher list. If you support TLSv1.2, you will support better ciphers.
The other reason could be lack of ALPN support. You need your Apache to have been built with OpenSSL 1.0.2 or better to have this.
And the final reason can be if something else is sitting in front of your server (e.g. a load balancer) and it is the entry point and doesn’t support HTTP/2.
Running your server through https://www.ssllabs.com/servertest/ should confirm ALPN support, what ciphers you support and even if HTTP/2 is supported.
Upvotes: 1
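The blacklist point in the answer above can be checked offline. The following is an added example, not part of the original question or answer: it applies the rule RFC 7540 Appendix A gives for its TLS 1.2 blacklist (suites without ephemeral key exchange, or without an AEAD cipher) to the names in an `SSLCipherSuite` line. Assumptions: suites are classified by their OpenSSL name pattern rather than looked up in the RFC's literal list, the function names are hypothetical, and the second directive is constructed for comparison.

```python
# Added example: flags OpenSSL-named suites that fall under the HTTP/2 TLS 1.2 blacklist.
# Assumption: classification is by OpenSSL name pattern, not a lookup in the RFC's list.

AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")   # AEAD modes as spelled in OpenSSL names
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")     # ADH-/AECDH- are anonymous and do not match

# The directive from the question's vhost.conf.
QUESTION_LINE = ("SSLCipherSuite AES256-SHA:AES128-SHA:DHE-DSS-AES256-SHA:"
                 "DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA")
# Constructed for comparison; not taken from the page.
CONSTRUCTED_LINE = ("SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:"
                    "ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384")


def h2_blacklist_reasons(name):
    """Return the reasons a suite is blacklisted for HTTP/2 (empty list if it is not)."""
    if name.startswith("TLS_"):
        # OpenSSL's TLS 1.3 suite names; the blacklist only covers TLS 1.2 suites.
        return []
    reasons = []
    if not name.startswith(EPHEMERAL_PREFIXES):
        reasons.append("no ephemeral key exchange")
    if not any(marker in name for marker in AEAD_MARKERS):
        reasons.append("not an AEAD cipher")
    return reasons


def audit_directive(line):
    """Map each suite named in an Apache SSLCipherSuite line to its blacklist reasons."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "SSLCipherSuite":
        raise ValueError("not an SSLCipherSuite directive")
    report = {}
    for token in fields[-1].strip("\"'").split(":"):
        # Skip empty tokens and exclusions such as !aNULL; aliases (HIGH, ...) are not expanded.
        if token and token[0] not in "!-+":
            report[token] = h2_blacklist_reasons(token)
    return report


if __name__ == "__main__":
    for line in (QUESTION_LINE, CONSTRUCTED_LINE):
        for suite, reasons in audit_directive(line).items():
            verdict = "BLACKLISTED: " + ", ".join(reasons) if reasons else "ok for h2"
            print(f"{suite:32} {verdict}")
```

Because aliases such as `HIGH` are not expanded, run it on the explicit list that `openssl ciphers` prints for your cipher string when the directive uses aliases.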