Tried matching hte ciphers on haproxy as I have on apache, and removed the h2:
bind :443 ssl crt /etc/ssl/hospitality.pro.pem no-sslv3 alpn http/1.1 ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256 page loads fine … its only when the h2 is in there that it fails … I’ve also tried, just in case, to build / run the 1.7.x dev branch … neither seems to work ... > On Dec 16, 2015, at 12:10, Marc Fournier <scra...@hub.org> wrote: > > > Okay … thanks to Vincent/Lukas, I have a 1.6.2 built that has OpenSSL 1.0.2 > statically linked … so this line now works, in so far as letting the server > start up: > > bind :443 ssl crt /etc/ssl/cert.pem no-sslv3 ciphers TLSv1.2 alpn > h2,http/1.1 > > When I hit the server, the haproxy.log file shows: > > Dec 16 19:59:14 galera1 haproxy[436]: 24.108.76.221:63643 > [16/Dec/2015:19:59:14.120] https-in~ https_appserver/web2 159/0/1/0/160 400 > 424 - - ---- 0/0/0/0/0 0/0 "PRI * HTTP/2.0” > > If I point my browser to, and look at the log file on the web head, it shows > HTTP/2: > > 24.108.76.221 - - [16/Dec/2015:20:04:10 +0000] "GET / HTTP/2" 200 12024 "-" > "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, > like Gecko) Chrome/47.0.2526.106 Safari/537.36” > > Web head is running Apache 2.4.18 w/ mod_http2 … > > Do I need to add something to the server line for this too? > > == > server web2 119.81.152.73:443 weight 1 maxconn 30 check ssl verify none > == > > I noticed on > https://www.eclipse.org/jetty/documentation/current/http2-configuring-haproxy.html > that he did ‘mode tcp’ on the https:// ones … tried that, made no difference > … > > The message I get in the browser is “The webpage is not available … > ERR_SPDY_PROTOCOL_ERROR” … browser I’m using is latest Google Chrome … > > Please advise … > > > >
