Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
May 11, 2015

http2 profile and Firefox

Hi,

 

I just started to play with http2 and spdy. Both profiles are working when Chrome (42.0.2311.135 m) is used. When tested with Firefox (37.0.2) is used only spdy profile is working. With http2 profile I am getting empty page.

 

In HttpWatch I can see first GET request with result NS_ERROR_ABORT.

 

I wonder if this is only my setup or there is some general issue with Firefix, F5 and http2 - will appreciate if someone could check/confirm.

 

Test was done using 11.6.0HF4 and default http2 profile. VS is as well using AAM Web Acceleration profile but this is working OK on both Firefox and Chrome when http2 is not enabled.

 

I wonder as well how LTM is handling browser requests when both http2 and spdy profiles are used. Is there any fallback mechanism based on browser agent reported - like if browser is not compatible with http2 use spdy, if both http2 and spdy are not supported use http 1.1?

 

Piotr

 

application delivery
deployment
design
LTM
performance
TMOS

10 Replies

Sort By
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    May 11, 2015

    Is it possible a non-TLS cipher is being negotiated prior to the GET request? Firefox only supports HTTP/2.0 use over TLS connections? Worth checking.

     

    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      May 11, 2015
      Thanks, will check https handshake, could be the reason. Piotr
  • What_Lies_Benea's avatar
    What_Lies_Benea
    Icon for Altostratus rankAltostratus
    May 11, 2015

    Is it possible a non-TLS cipher is being negotiated prior to the GET request? Firefox only supports HTTP/2.0 use over TLS connections? Worth checking.

     

    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      May 11, 2015
      Thanks, will check https handshake, could be the reason. Piotr
  • dragonflymr's avatar
    dragonflymr
    Icon for Cirrostratus rankCirrostratus
    May 11, 2015

    Hi,

     

    Checked ssl handshake. Negotiated cipher is TLS_DHE_RSA_WITH_AES_256_CBC_SHA.

     

    After server is sending Change Cipher Spec (over TLS 1.2) client response is FIN, ACK.

     

    So it seems that this is not non-TLS cipher issue. Any other ideas?

     

    Piotr

     

    • BinaryCanary_19's avatar
      BinaryCanary_19
      Historic F5 Account
      Feb 04, 2016
      Pretty old question I think, but you may be helped with this cipher string on your ssl profile: ECDHE+AES-GCM:DEFAULT (version 12.0).
  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Jul 31, 2015
    It does not work with FF 39 either. v11.6.0HF4 has draft 14, and I suspect that FF does not support that draft. Now that the h2 standard has been agreed on and released, I hope we can see it supported on the F5 soon.
  • Ariel_Moreno_10's avatar
    Ariel_Moreno_10
    Icon for Nimbostratus rankNimbostratus
    Feb 18, 2016

    Hello any news about this thread, I have the same problem in TMOS 12.0HF1. Opening a support case just in case.

     

    • Stanislas_Piro2's avatar
      Stanislas_Piro2
      Icon for Cumulonimbus rankCumulonimbus
      Feb 20, 2016
      Did you read all answers? The solution is Provided by fnuckles just above. Change the cipher in ssl profile and it will work.