Bug ID 869565: Disabling of HTTP/2 profile on server side does not prevent h2 in ALPN

Last Modified: Oct 25, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 16.0.0,

Opened: Jan 16, 2020
Severity: 4-Minor


HTTP/2 protocol can be negotiated with the Application-Layer Protocol Negotiation (ALPN) on the Transport Layer Security (TLS) level of communication. When an iRule disables HTTP/2 on a server side, it is assumed that the BIG-IP system no longer offers h2 to a server as an option.


The BIG-IP system offers h2 as an option in ALPN when the HTTP/2 profile is disabled on a server side. If h2 is accepted by the server, communication fails since HTTP/2 is disabled and does not decode HTTP/2 traffic.


-- A virtual server has an HTTP/2 profile configured on both the client and server sides. -- A server SSL profile is configured on the virtual server. -- An iRule using the 'HTTP2::disable serverside' command is attached to the virtual server.



Fix Information


Behavior Change