Follow

HTTP/2 - SSL Profile Dependencies

Description

Leveraging the HTTP/2 capability requires several specific SSL/TLS settings in order to function.

 

Environment

  • Silverline WAF
  • Silverline Shape Defense
  • Silverline Layer 7 DoS
  • Proxy/Proxies

 

Procedure

Requirements on Front End SSL Profiles

  1. Navigate to Config, then Proxy / App Configuration, then SSL Management
  2. Select the Front End SSL Profiles tab
  3. Select each profile that is going to be associated with an application to leverage HTTP/2
    1. Update the cipher string to include the string: ECDHE
      1. If using a SOC-curated cipher set
        1. Copy the string from the Cipher String box
        2. Then select custom - Static from the SSL Cipher dropdown
        3. Then enter the string: ECDHE
        4. Then paste in what you've copied
        5. Example result:   ECDHE:TLSv1_2+HIGH:TLSv1_1+HIGH:TLSv1+MEDIUM:TLSv1+HIGH:!RC4:!3DES:!RSA:!EXPORT:!MD5:!ADH:@STRENGTH
    2. Under Advanced SSL Settings
      1. Ensure Renegotiation is disabled

 

Repeat the steps listed above for the Backend SSL profile, otherwise, a warning message as per below will be displayed.

 

backend_SSL_profile.PNG

 

*Suggestion: Create a copy of the "Silverline_Server_Default" Backend SSL profile, name it with an indicator that supports HTTP2, for example: "HTTP2_Silverline_Server_Default", and performs the changes described above for the Front End SSL profile.

 

Related Content

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request