HTTP2 / ALPN does not work when using wildfly-openssl ----------------------------------------------------- Key: WFCORE-1874 URL: https://issues.jboss.org/browse/WFCORE-1874 Project: WildFly Core Issue Type: Bug Components: Security, Server Reporter: Stuart Douglas Assignee: Stuart Douglas Labels: wildfly-openssl wildfly-openssl version used: {{1.0.0.Alpha1}}. I have a problem to use HTTP2 on EAP when using OpenSSL implementation based on the wildfly-openssl project. When I use standard 'TLS' protocol, HTTP2 works just fine (using Chrome as a client). But when I switch to 'openssl.TLS', client uses HTTP/1.1 and never upgrade to HTTP2. What I do: # start EAP # perform request to: https://localhost:8443 ----- HTTP2 is used here # {{/core-service=management/security-realm=ApplicationRealm/server-identity=ssl:write-attribute(name=protocol,value=openssl.TLS)}} # reload # perform request to: https://localhost:8443 ----- HTTP/1.1 is used here I tried to check in Wireshark. When I compared Client and Server Hello packets, I can see that in both cases the Client Hello packets contains TLS ALPN extension part with offered protocols h2 and http/1.1. Although Server Hello packets differs. When 'TLS' is used, then Server Hello packet contains ALPN extension with chosen protocol of 'h2'. But when 'openssl.TLS' is used, I can see that appropriate Server Hello packet does not contain ALPN extension part at all, which I presume leads that HTTP/1.1 protocol is used for further communication. Not sure whether it is related somehow, I can also see that different types of ciphers are used - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 in case of 'TLS' and TLS_RSA_WITH_AES_128_GCM_SHA256 in case of 'openssl.TLS'. My openssl version is: {{1.0.2j-fips}} Not sure whether there must be performed some extra configuration to make HTTP2/ALPN work when using openssl implementation.