I could use some help with this one - I took a big leap with enabling
http/2 support and I got knocked back really quick. There seems to be an
issue with POSTs and it seems to be more pronounced with ios devices (as
much as you can trust user agents) but there were some non-ios devices
seemed to be having issues also. Unfortunately I had to pull the changes
quickly so I didn’t get to capture too much debugging information (plus
the connections were via tls 1.2 w/ diffie-hellman so even if I had
taken a packet dump I wouldn’t have been able to decrypt it).
So I built a version of curl with http/2 support to try and reproduce:
curl 7.49.1 (x86_64-pc-linux-gnu) libcurl/7.49.1 OpenSSL/1.0.2h
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL TLS-SRP HTTP2 UnixSockets
I did a test POST request with http/1 and I got a 200 response.
I did the same POST request via http/2 and the tls handshake completed
the connection was closed shortly thereafter. The error I see in the log
file is “client sent stream with data before settings were acknowledged
while processing HTTP/2 connection” I see other references to this error
POST requests when I googled for it, but I didn’t see a solution. This
sounds like an interoperability issue but I’d be shocked if I’m the
one to find something like that.
This is also different then the errors I was seeing earlier in the week
in those cases it looked like nginx as receiving the POST requests via
http/2, and forwarding to an HAProxy upstream via http/1.1. From there
requests were dispatched to servers, also via http/1.1. One set of
servers seemed to be getting duplicate requests (but only of requests
originated as HTTP/2 POSTs) and the other set running a java service
to dislike the content received and they were closing the connections.
still trying to reproduce those transactions in a dev environment w/
diffie-hellman disabled so I can get a packet capture and get a better
of what is happening.