<div dir="ltr">Does this help?<div><br></div><div><div>$ curl -v --http2 <a href="https://ServerAddressInQuesion/">https://ServerAddressInQuesion/</a> > /dev/null</div><div> % Total % Received % Xferd Average Speed Time Time Time Current</div><div> Dload Upload Total Spent Left Speed</div><div> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 23.94.173.87...</div><div>* TCP_NODELAY set</div><div>* Connected to <a href="http://onondagalibertarians.org">onondagalibertarians.org</a> (23.94.173.87) port 443 (#0)</div><div>* ALPN, offering h2</div><div>* ALPN, offering http/1.1</div><div>* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH</div><div>* successfully set certificate verify locations:</div><div>* CAfile: /etc/ssl/cert.pem</div><div> CApath: none</div><div>* TLSv1.2 (OUT), TLS handshake, Client hello (1):</div><div>} [230 bytes data]</div><div>* TLSv1.2 (IN), TLS handshake, Server hello (2):</div><div>{ [108 bytes data]</div><div>* TLSv1.2 (IN), TLS handshake, Certificate (11):</div><div>{ [2818 bytes data]</div><div>* TLSv1.2 (IN), TLS handshake, Server key exchange (12):</div><div>{ [333 bytes data]</div><div>* TLSv1.2 (IN), TLS handshake, Server finished (14):</div><div>{ [4 bytes data]</div><div>* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):</div><div>} [70 bytes data]</div><div>* TLSv1.2 (OUT), TLS change cipher, Client hello (1):</div><div>} [1 bytes data]</div><div>* TLSv1.2 (OUT), TLS handshake, Finished (20):</div><div>} [16 bytes data]</div><div>* TLSv1.2 (IN), TLS change cipher, Client hello (1):</div><div>{ [1 bytes data]</div><div>* TLSv1.2 (IN), TLS handshake, Finished (20):</div><div>{ [16 bytes data]</div><div>* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256</div><div>* ALPN, server accepted to use http/1.1</div><div>* Server certificate:</div><div>* subject: CN=ServerAddressInQuesion</div><div>* start date: Apr 28 23:40:02 2018 GMT</div><div>* expire date: Jul 27 23:40:02 2018 GMT</div><div>* subjectAltName: host "ServerAddressInQuesion" matched cert's "ServerAddressInQuesion"</div><div>* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3</div><div>* SSL certificate verify ok.</div><div>> GET / HTTP/1.1</div><div>> Host: ServerAddressInQuesion</div><div>> User-Agent: curl/7.55.1</div><div>> Accept: */*</div><div>> </div><div>< HTTP/1.1 200 OK</div><div>< Date: Fri, 20 Jul 2018 22:35:11 GMT</div><div>< Server: Apache/2.4.25 (Debian)</div><div>< Upgrade: h2,h2c</div><div>< Connection: Upgrade</div><div>< Set-Cookie: PHPSESSID=qdm1u9qfcj6fet1iv73og2kgf2; path=/</div><div>< Expires: Thu, 19 Nov 1981 08:52:00 GMT</div><div>< Cache-Control: no-store, no-cache, must-revalidate</div><div>< Pragma: no-cache</div><div>< Link: <<a href="https://ServerAddressInQuesion/index.php?rest_route=/">https://ServerAddressInQuesion/index.php?rest_route=/</a>>; rel="<a href="https://api.w.org/">https://api.w.org/</a>"</div><div>< Link: <<a href="https://ServerAddressInQuesion">https://ServerAddressInQuesion</a>>; rel=shortlink</div><div>< Vary: Accept-Encoding</div><div>< Transfer-Encoding: chunked</div><div>< Content-Type: text/html; charset=UTF-8</div><div>< </div><div>{ [6 bytes data]</div><div>100 35836 0 35836 0 0 35836 0 --:--:-- --:--:-- --:--:-- 84718</div><div>* Connection #0 to host ServerAddressInQuesion left intact</div></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jul 20, 2018 at 6:06 PM, Sebastian Andrzej Siewior <span dir="ltr"><<a href="mailto:sebastian@breakpoint.cc" target="_blank">sebastian@breakpoint.cc</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 2018-07-20 17:16:40 [-0400], Mike Rotondo wrote:<br>
> I expected an update to roll out that fixed the problem<br>
<br>
Thank you for the informative bug report. If I put the pieces correctly<br>
together then since the point release you have your apache2 server not<br>
serving ALPN/h2 but only "normal" http/1.1 as you put it. Am I correct?<br>
<br>
If so, then this bug should be moved to openssl1.0 because apache2 in<br>
Stretch is using libssl1.0.2 and not libssl1.1. Other than that: Could<br>
you please check if downgrading either apache2 or libssl1.0.2 helps?<br>
The part that puzzles me most is that you received an update to<br>
libssl1.0.2 (and libssl1.1) via the point release and not via security<br>
which would be a good idea. Like *really* good idea.<br>
<br>
Now, if you downgrade I bet that downgrading apache2 helps. In that<br>
case we could move that report over to apache or close it right away. I<br>
speculate on apache because of this piece in its changelog [0]:<br>
<br>
|Unfortunately, this also removes support for http2 when running on<br>
|mpm_prefork.<br>
<br>
[0] <a href="https://tracker.debian.org/news/969425/accepted-apache2-2425-3deb9u5-source-amd64-all-into-proposed-updates-stable-new-proposed-updates/" rel="noreferrer" target="_blank">https://tracker.debian.org/<wbr>news/969425/accepted-apache2-<wbr>2425-3deb9u5-source-amd64-all-<wbr>into-proposed-updates-stable-<wbr>new-proposed-updates/</a><br>
<span class="HOEnZb"><font color="#888888"><br>
Sebastian<br>
</font></span></blockquote></div><br></div>