Http/2 is available, but not used. Please help!


#1

When checking the cdn-cgi/trace, it states that protocol used is http=http/1.1
https://we-promote.it/cdn-cgi/trace

Although, with a server check using curl -v --http2 https://we-promote.it/, h2 is active with ALPN. What can be the problem?! Please help, i tried everything and still no results so far. :frowning:

  • ALPN, offering h2
  • ALPN, offering http/1.1
  • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: none
  • TLSv1.2 (OUT), TLS header, Certificate Status (22):
  • TLSv1.2 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  • TLSv1.2 (OUT), TLS handshake, Finished (20):
  • TLSv1.2 (IN), TLS change cipher, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
  • ALPN, server accepted to use h2
  • Server certificate:
  •    subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=sni95453.cloudflaressl.com
    
  •    start date: Aug 10 00:00:00 2017 GMT
    
  •    expire date: Feb 16 23:59:59 2018 GMT
    
  •    subjectAltName: we-promote.it matched
    
  •    issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA 2
    
  •    SSL certificate verify ok.
    
  • Using HTTP2, server supports multi-use

As well, the tools.keycdn.com/http2-test says that HTTP/2.0 is supported.
Thank you for your time and help!


#2

Cool URL!

It looks like HTTP/2 to me:

fl=12f204
h=we-promote.it
ip=2600:6c50:427f:f845:90b7:dc73:b1ff:d835
ts=1502370064.126
visit_scheme=https
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
colo=LAX
spdy=h2
http=h2
loc=US


#3

I just tried both Chrome Canary and Firefox Developer Edition and they both showing HTTP/1.1 and SPDY off. The website is also served through LAX when the closest data center to my place is SIN. Meanwhile cURL result shows that HTTP/2 is on.

uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3178.0 Safari/537.36
colo=LAX
spdy=off
http=http/1.1
loc=ID

uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
colo=LAX
spdy=off
http=http/1.1
loc=ID

uag=curl/7.54.0
colo=LAX
spdy=h2
http=h2
loc=ID

Strange…

A user shouldn’t be able to turn SPDY off. While a free user shouldn’t be able to disable HTTP/2.

At this case, I can only advise you to contact Cloudflare Support.

You can reach them at https://support.cloudflare.com/requests/new


#4

Hmm, there may be an issue with the DE location. I didn’t check that.

fl=67f6
h=we-promote.it
ts=1502373075.555
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
colo=TXL
spdy=off
http=http/1.1
loc=DE

fl=20f70
h=we-promote.it
ts=1502373465.097
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 OPR/45.0.2552.898
colo=AMS
spdy=h2
http=h2
loc=NL

Interesting. I will contact the support and verify this. Thank you very much for the help!


#5

So, managed to get it fixed, thanks to support. So, if anyone is experiencing a similar problem, for me it was the antivirus to blame (totally surprising!). The Scan SSL module from Bitdefender was causing that and was downgrading the protocol, once turned off, h2 was active on that loc. First time i experience something like that, but disabling the Scan SSL module fixed it.