HTTP/2 with ssl_ciphers and/or ssl_prefer_server_ciphers result into browser errors
|Reported by:||Owned by:|
When a Browser is capable to use http/2 and you use ssl_prefer_server_ciphers ( on; ) or ssl_ciphers ('ALL@STRENGTH'; ), the browser will end with handshake-errors.
SSL-Libary: LibreSSL 2.2.3 and OpenSSL 1.0.2.d tested - both affected
Chrome 45.0.2454.99 shows the following error:
Firefox 40.0.3 doesn't do anything on load, it just abort.
Currently the http2-feature is completly useless, because of the very weak ciphers (like 3DES as default). So this is a real blocker.