Error Stream error in the HTTP/2 framing layer

What is the name of the domain?

petvilla.co.nz

What is the error number?

0

What is the error message?

Stream error in the HTTP/2 framing layer

What is the issue you’re encountering

Since some days BetterStack alert me for my Website www.petvilla.co.nz Stream error in the HTTP/2 framing layer, that disappear after some minutes.

What steps have you taken to resolve the issue?

To be honest, I have not even a clue where to look. All the time when the error is reported I use my Browser, not see any problem. I checked and restarted Webserver, checked cloudflare config. Did not know where to look. Any hints?

Hello,

I’ve been having the same issue, have you found a resolution to this issue? From what it looks like I think there may be something wrong with our Cloudflare config that is tripping Better Stack. Not sure, this issue started for me like 2 days ago.

Hi,

We also have to deal with this problem on a couple sites. Issue started August 14th.

Same problem here. I contacted BetterStack and got a lengthy and knowledgable answer from Filip that showed that the problem is originated at Cloudflare. If a paying Cloudflare customer has the same problem and contact Cloudflare support, that would be nice.

Here is BetterStack’s answer:
Hi,

I’ve had a closer look into what’ happening and it indeed seems that server is returning this kind of reply. I had to give it a few tries, but after around 10 requests, I run into this as well:

shedey212@AmiZephyrus:~$ curl -vL --connect-timeout 28 --max-time 30 -H ‘User-Agent: Better Uptime Bot Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36’ ‘https://XXX/XXX

  • Trying 172.67.157.92:443…
  • Connected to XXX (172.67.157.92) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • CAfile: /etc/ssl/certs/ca-certificates.crt
  • CApath: /etc/ssl/certs
  • TLSv1.0 (OUT), TLS header, Certificate Status (22):
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS header, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS header, Finished (20):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.2 (OUT), TLS header, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=XXX
  • start date: Jul 6 12:14:30 2024 GMT
  • expire date: Oct 4 12:14:29 2024 GMT
  • subjectAltName: host “XXX” matched cert’s “*.XXX”
  • issuer: C=US; O=Google Trust Services; CN=WE1
  • SSL certificate verify ok.
  • Using HTTP2, server supports multiplexing
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • Using Stream ID: 1 (easy handle 0x558b36e81eb0)
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):

GET /XXX HTTP/2
Host: XXX
accept: /
user-agent: Better Uptime Bot Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • old SSL session ID is stale, removing
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
  • stopped the pause stream!
  • Connection #0 to host XXX left intact
    curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)

I was also able to reproduce the same error by not using our User-Agent and on my personal computer, which would exclude any connection to our servers specifically:

shedey212@AmiZephyrus:~$ curl -vL https://XXX/XXX --connect-timeout 28 --max-time 30

  • Trying 172.67.157.92:443…
  • Connected to XXX (172.67.157.92) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • CAfile: /etc/ssl/certs/ca-certificates.crt
  • CApath: /etc/ssl/certs
  • TLSv1.0 (OUT), TLS header, Certificate Status (22):
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS header, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS header, Finished (20):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.2 (OUT), TLS header, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=XXX
  • start date: Jul 6 12:14:30 2024 GMT
  • expire date: Oct 4 12:14:29 2024 GMT
  • subjectAltName: host “XXX” matched cert’s “*.XXX”
  • issuer: C=US; O=Google Trust Services; CN=WE1
  • SSL certificate verify ok.
  • Using HTTP2, server supports multiplexing
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • Using Stream ID: 1 (easy handle 0x55fb5eccaeb0)
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):

GET /XXX HTTP/2
Host: XXX
user-agent: curl/7.81.0
accept: /

  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • old SSL session ID is stale, removing
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.2 (OUT), TLS header, Supplemental data (23):
  • HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
  • stopped the pause stream!
  • Connection #0 to host XXX left intact
    curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)

Unfortunately, as you mentioned, it seems to be happening to more users, and it’s generally connected to CURL it seems, which might point to issues on Cloudflare’s side.

Would this log help you here to see what’s happened? I’d definitely recommend checking your server logs to see if there’s not something suspicious going on.

Happy to hear your thoughts on that and assist further. :raised_hands:

Kind regards,


Filip

@a1115, Can you please open a ticket for this? Put it in the “Account” category, the post the ticket # here so we can escalate. Be sure to put the actual URL you tested in the ticket. Thanks!

Done. Ticket ID: 01041380

Thanks! I’ve escalated that ticket. It’s the weekend, so it’ll most likely be a few days before someone gets back to you.

Hey,

We have found the problem and have reverted it. Thanks you all very much for reporting!

Please let us know if you see any further issues!

cc: @a1115 @user4915 @hondaman @user1512

3 Likes

Hello @Walshy

Thanks for providing a fix so quickly.

I have re-enabled BetterStack monitoring and everything is running smoothly so I think your rollback fixed the issue.

Thanks !

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.