Tuesday, 20 November 2018

Nginx HTTP/2 openssl NPN issue

We wanted to make one of our website HTTP/2 enabled. The website was running on Ubuntu 14.04 server and on Nginx web server version 1.14.0 (Nginx added HTTP/2 support since version 1.9.5). We did all the necessary configurations of Nginx and we were ready to go. But when we checked the website from our most commonly used web-browser Google chrome and Firefox, it showed that the website’s contents were loaded with HTTP/1.1 not with HTTP/2 as we expected.

When we checked the access log of the website, we could see HTTP/1.1 request only which was really strange for us as we did all necessary Nginx configurations for HTTP/2. Then we verified the HTTP/2 support for the website using the online tool and this tool showed that our website supports HTTP/2.
After doing some web search, we came across a nice blog: which explained what was going wrong, please go through it.
The main reason why our website was not opening in HTTP/2 on major browsers, because the vendors have stopped supporting the Next Protocol Negotiation (NPN) method for upgrading a connection to HTTP/2. Now most of the newer versions of web browsers support the new standard, Application Layer Protocol Negotiation (ALPN). So the operating system on which the web server is running must provide a version of OpenSSL that supports ALPN. OpenSSL 1.0.2 or later supports ALPN. We were using Ubuntu 14.04 and which has OpenSSL version 1.0.1f and this version do not support ALPN. Ubuntu 16.04 LTS has OpenSSL version 1.0.2g and this one supports ALPN. So we shifted the website to another server with Ubuntu OS with version 16.04 LTS and then configured HTTP/2 on Nginx and the website started opening in HTTP/2 in web browsers.