HTTP2 Response “Upgrade h2”
Hi there!
Current situation
I usually develop for web and my clients use mainly Apache 2.4 for their implementations. So for local development I use the server available on my computer that uses MacOS High Sierra.
Apache comes with the http2 module that needs to be enabled in the configuration. However, the server always responds with an “Upgrade: h2” and selects HTTP/1.1 instead of using the new and modern protocol.
From what I have seen it is a problem with the version of the cryptography library used. To use HTTP/2 you must have more modern versions of openssl.
Source: http://icing.github.io/mod_h2/howto.html#openssl
OpenSSL 1.0.2 and onward.
LibreSSL 2.5.0 and onward.
Response header:
Server: Apache/2.4.27 (Unix) LibreSSL/2.2.7 PHP/7.1.7
Solution
Rebuild the Apache server with the most updated openssl library that allows the use of HTTP/2.
To achieve that, unfortunately, it is necessary to install many other software, such as libnghttp2, openssl, php, apache, etc. So it's kind of tedious to do all that without complicating things with the same packages already implemented in the system.
I have tried that Apple solve this, but apparently they are not interested. Or maybe there are not many requests for this feature. That is, if someone implemented the module http2 in Apache of MacOS High Sierra, at least they should verify it, or not?
Question
I opened a case about it 100340669535 but I have not seen any results.
Is there any effective mechanism where Apple can handle this request?
Config
Listen 443 https
<VirtualHost *:443>
Protocols h2 http/1.1
ServerAdmin some@email.com
DocumentRoot "/Users/develop/localhost"
ServerName localhost
ErrorLog "/Users/develop/logs/localhost-secure-error_log"
CustomLog "/Users/develop/logs/localhost-secure-access_log" common
SSLEngine on
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile /etc/apache2/ssl/localhost.crt
SSLCertificateKeyFile /etc/apache2/ssl/localhost.key
SSLCertificateChainFile /etc/apache2/ssl/ca-chain.crt
Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
MacBook Air, macOS High Sierra (10.13.4), Apache modules