Bug ID 869565: Disabling of HTTP/2 profile on server side does not prevent h2 in ALPN

Last Modified: Oct 01, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4, 16.0.0,, 16.0.1,,

Fixed In:

Opened: Jan 16, 2020
Severity: 4-Minor


HTTP/2 protocol can be negotiated with the Application-Layer Protocol Negotiation (ALPN) on the Transport Layer Security (TLS) level of communication. When an iRule disables HTTP/2 on a server side, it is assumed that the BIG-IP system no longer offers h2 to a server as an option.


The BIG-IP system offers h2 as an option in ALPN when the HTTP/2 profile is disabled on a server side. If h2 is accepted by the server, communication fails since HTTP/2 is disabled and does not decode HTTP/2 traffic.


-- A virtual server has an HTTP/2 profile configured on both the client and server sides. -- A server SSL profile is configured on the virtual server. -- An iRule using the 'HTTP2::disable serverside' command is attached to the virtual server.



Fix Information

When a command 'HTTP2::disable serverside' is executed, the BIG-IP system correctly disables the HTTP/2 profile on a server side, and no longer offers h2 when negotiating a protocol over ALPN.

Behavior Change