
So I switched my nginx server over to use HTTP/2, and it works for Edge and Chrome. On IE11 however I'm getting no response, only this:

http://i.imgur.com/zGRI6th.png

On Firefox the page simply refuses to redirect or load, not even an error message.

My SSL settings look like this:

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
ssl_prefer_server_ciphers on;

What would be causing an issue like this? I'm confused why it's working in Edge and Chrome but nowhere else.

Also, when downloading files, I get corrupted ZIPs and BZ2s which is making it even more confusing.

Nginx version is 1.9.7 if that helps.

I have downgraded to 1.8.0 in the meantime. :(

Rhododendron

1 Answer


I believe HTTP/2 only works over TLS 1.2. Try taking out 1.0 and 1.1. Also remove the caching for diagnosis. Here's my working HTTP/2 configuration with a Let's Encrypt certificate. HTTP/2 support is still relatively new; I suggest upgrading to the latest nginx, currently 1.9.9.

ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

This may not solve your problem, but it will at least give some information that will help diagnosis.

Tim
  • Alright now the page doesn't load with those ciphers: ssl_error_no_cypher_overlap in FF, and ERR_CONNECTION_RESET in Chrome. OpenSSL version is OpenSSL 1.0.2e. Also with the posted ciphers the error still happens :( Hasn't anyone else experienced a similar issue? – Rhododendron Jan 10 '16 at 22:33
  • HTTP/2 support is still new, try upgrading to v1.9.9. I hope you're doing this on a test server rather than production. – Tim Jan 10 '16 at 23:34
  • Alright! I wish others were experiencing this because it's an odd issue! – Rhododendron Jan 11 '16 at 03:57
  • There's always a first, unfortunately you're it this time. What happens with nginx 1.9.9? I have a guide that can help you download it on Centos/Amazon Linux or build it if you like. Guide isn't ready but I can cut that bit out. It's not particularly difficult. – Tim Jan 11 '16 at 06:00
  • Updated to 1.9.9, same issue. I don't think they really made any changes to the http/2 inclusion, as the changelog doesn't specify anything. – Rhododendron Jan 11 '16 at 12:52
  • I'm on OpenSSL 1.0.1k-fips, so your version is newer. I find the "no cypher overlap" weird when you tried my config; it works for me in IE11 plus the latest Firefox and Chrome, that seems like a clue. Check here for browser support: https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers – Tim Jan 11 '16 at 18:19
  • No it should be supported, I'm on the latest version of FF and Google's http/2 support is fine. It has to be a server/configuration reason. – Rhododendron Jan 11 '16 at 22:26
  • Or I'm not understanding your response :( – Rhododendron Jan 12 '16 at 08:40
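A way to check the cipher side of this exchange offline, as an added example (not code from the question, the answer or nginx itself): the script below feeds an nginx `ssl_ciphers` string to the local OpenSSL through Python's `ssl` module, which expands groups such as `AES256+EECDH` the same way nginx would, and then sorts every resulting suite against the TLS profile HTTP/2 requires (RFC 7540 section 9.2.2: TLS 1.2 or later, ephemeral ECDHE/DHE key exchange, an AEAD cipher, and the mandatory suite `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, which OpenSSL names `ECDHE-RSA-AES128-GCM-SHA256`). The two cipher strings are copied from the question and the answer above. Which concrete suites a group expands to depends on the OpenSSL build the script runs under, so the output describes your own OpenSSL, not the asker's server, and the script says nothing about the corrupted downloads or the IE11 behaviour.

```python
"""Audit an nginx ``ssl_ciphers`` string against the HTTP/2 TLS profile.

Added example, not from the original question or answer.  It uses the
local OpenSSL (via Python's ssl module) to expand the cipher string the
way nginx would, then classifies each suite using the RFC 7540 9.2.2
rules: HTTP/2 needs TLS 1.2 or later, ephemeral key exchange (ECDHE/DHE)
and an AEAD cipher, and an HTTP/2 server must offer
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (OpenSSL name
ECDHE-RSA-AES128-GCM-SHA256).  The expansion of a group such as
``AES256+EECDH`` depends on the OpenSSL build, so the result is a local
snapshot, not a statement about the asker's server.
"""
import ssl

# Cipher strings copied from the question and the answer on the page.
QUESTION_CIPHERS = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
ANSWER_CIPHERS = "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5"

# OpenSSL name of the suite RFC 7540 makes mandatory for HTTP/2 servers.
MANDATORY_SUITE = "ECDHE-RSA-AES128-GCM-SHA256"

# Key-exchange labels as reported in the 'kea' field of
# ssl.SSLContext.get_ciphers(); 'kx-any' is what TLS 1.3 suites report.
EPHEMERAL_KX = {"kx-ecdhe", "kx-dhe", "kx-any"}


def h2_compliant(cipher):
    """Return True if one get_ciphers() entry is usable for HTTP/2.

    ``cipher`` is a dict with at least the keys 'protocol', 'kea' and
    'aead'.  TLS 1.3 suites are always ephemeral + AEAD and pass.  A
    TLS 1.2 suite passes only with ECDHE/DHE key exchange and an AEAD
    cipher (GCM, CCM, ChaCha20-Poly1305).  Suites OpenSSL tags with an
    older protocol ("TLSv1.0", "SSLv3": the CBC/SHA-1 suites) fail.
    """
    if cipher["protocol"] == "TLSv1.3":
        return True
    if cipher["protocol"] != "TLSv1.2":
        return False
    return bool(cipher["aead"]) and cipher["kea"] in EPHEMERAL_KX


def audit_cipher_string(spec):
    """Expand an OpenSSL cipher string and split the suites into
    HTTP/2-usable and not.  Returns a dict; 'error' is set when OpenSSL
    rejects the whole string (no suite selectable at all)."""
    report = {"spec": spec, "compliant": [], "noncompliant": [],
              "mandatory_present": False, "error": None}
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError as exc:
        report["error"] = str(exc)
        return report
    for cipher in ctx.get_ciphers():
        bucket = "compliant" if h2_compliant(cipher) else "noncompliant"
        report[bucket].append(cipher["name"])
    report["mandatory_present"] = MANDATORY_SUITE in report["compliant"]
    return report


def print_report(report):
    print(f"ssl_ciphers {report['spec']};")
    if report["error"]:
        print(f"  OpenSSL rejected the string: {report['error']}")
        return
    print(f"  mandatory {MANDATORY_SUITE} offered: {report['mandatory_present']}")
    print(f"  HTTP/2-usable suites ({len(report['compliant'])}):")
    for name in report["compliant"]:
        print(f"    {name}")
    print(f"  HTTP/1.1-fallback-only suites, not usable for h2 "
          f"({len(report['noncompliant'])}):")
    for name in report["noncompliant"]:
        print(f"    {name}")


if __name__ == "__main__":
    for spec in (QUESTION_CIPHERS, ANSWER_CIPHERS):
        print_report(audit_cipher_string(spec))
        print()
```

Run it on the machine that hosts nginx, since the point is to see what that OpenSSL build actually expands the string to. A string whose expansion contains no HTTP/2-usable suite cannot negotiate h2 no matter what the browser offers; a string that does contain them can still fail for other reasons, so a clean result here only rules out the cipher list.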