Opened 9 years ago
Closed 9 years ago
#851 closed defect (duplicate)
HTTP/2 connection abort in Firefox
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | documentation | Version: | 1.9.x |
Keywords: | http/2 firefox | Cc: | |
uname -a: | Linux scw-b9e7d1 4.1.6-249 #1 SMP Mon Aug 31 12:34:47 UTC 2015 armv7l GNU/Linux | ||
nginx -V:

```
nginx version: nginx/1.9.7
built by gcc 4.9.2 (Debian 4.9.2-10)
built with LibreSSL 2.3.1
TLS SNI support enabled
configure arguments: --with-openssl=/home/user/libressl_src/libressl-2.3.1 --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_v2_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security' --with-ld-opt=-Wl,-z,relro --with-ipv6
```
Description
What I have:
Firefox 42 Win10 x64
Nginx 1.9.7 (based on source code for the Debian package but built with LibreSSL to support ECDHE+CHACHA20)
And this config for Site:
```nginx
server {
    listen 80 default_server;
    listen [::]:80 ipv6only=on default_server;
    server_name www.domain.tld domain.tld;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server ipv6only=on;
    server_name www.domain.tld domain.tld;

    add_header Strict-Transport-Security "max-age=10886400; preload";
    add_header X-Content-Type-Options "nosniff";

    ssl on;
    ssl_certificate /etc/letsencrypt/live/www.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.domain.tld/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/www.domain.tld/fullchain.pem;

    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 180h;
    ssl_session_tickets on;
    ssl_session_ticket_key /etc/nginx/ssl/ticket.key;

    ssl_ecdh_curve secp384r1;

    ssl_stapling on;
    ssl_stapling_verify on;
    # Google DNS, Open DNS
    resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=300s;
    resolver_timeout 3s;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE+CHACHA20:ECDHE-RSA-AES256-GCM-SHA384:ECDHE+AES256+SHA384:ECDHE+AES256+SHA';

    root /var/www/domain.tld/;
    index index.html;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}
```
What happens:
In Firefox the website doesn't load, showing just a blank page.
If the first request was HTTP, it receives a redirect to HTTPS and then shows a blank page.
If I disable HTTP/2 support in Firefox, the site loads.
In Google Chrome everything works fine.
Change History (3)
comment:1 by , 9 years ago
comment:2 by , 9 years ago
Discovered the problem: HTTP/2 requires support for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
https://tools.ietf.org/html/rfc7540
But Chrome and some other browsers work fine without it (and use strong ciphers)
But not Firefox.
Some warning about the absence of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 when HTTP/2 is enabled could be helpful.
comment:3 by , 9 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
Duplicate of #794. See also note about using ssl_prefer_server_ciphers in the docs.
Component should be nginx-module, misclick.
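
The failure mode discussed in comment:2, as an added example that is not part of the ticket or of nginx: with `ssl_prefer_server_ciphers on`, the server picks its first suite that the client also offers, and a client may abort HTTP/2 if that suite is one RFC 7540 Appendix A lists. The expanded server list (a hand expansion for an RSA certificate, to be confirmed with `openssl ciphers -v`) and both client offers are constructed assumptions, not captures from real browsers.

```python
# Added illustration: which suite server-preference selection yields, and
# whether an HTTP/2 client may reject it. Suite names are IANA names.

AEAD_MARKERS = ("_GCM_", "_CCM", "CHACHA20_POLY1305")
MANDATORY = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"  # RFC 7540, section 9.2.2


def http2_acceptable(suite):
    """Rule behind RFC 7540 Appendix A for TLS 1.2: suites without an
    ephemeral key exchange, or with a null/stream/block cipher, are listed."""
    ephemeral = suite.startswith(("TLS_ECDHE_", "TLS_DHE_"))
    aead = any(marker in suite for marker in AEAD_MARKERS)
    return ephemeral and aead


def negotiate(server_pref, client_offer):
    """ssl_prefer_server_ciphers on: first server suite the client offers."""
    offered = set(client_offer)
    return next((s for s in server_pref if s in offered), None)


def check(server_pref, client_offer):
    """Return (negotiated suite, acceptable for HTTP/2)."""
    suite = negotiate(server_pref, client_offer)
    return suite, suite is not None and http2_acceptable(suite)


# Assumed expansion of the ticket's ssl_ciphers string (RSA certificate).
SERVER_TICKET = [
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
]
# Same list with the mandatory HTTP/2 suite placed ahead of the CBC suites.
SERVER_FIXED = SERVER_TICKET[:2] + [MANDATORY] + SERVER_TICKET[2:]

# Hypothetical clients: A lacks ChaCha20 and AES256-GCM, B offers ChaCha20.
CLIENT_A = [MANDATORY, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"]
CLIENT_B = ["TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", MANDATORY,
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"]

if __name__ == "__main__":
    for label, server in (("ticket", SERVER_TICKET), ("fixed", SERVER_FIXED)):
        for name, client in (("A", CLIENT_A), ("B", CLIENT_B)):
            print(label, name, *check(server, client))
```

Client A falls through to a CBC suite against the ticket's list and gets an AEAD suite once the mandatory suite is present; client B is unaffected either way.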