HTTP/2 - SSL Profile Dependencies

Description

Leveraging the HTTP/2 capability requires several specific SSL/TLS settings in order to function.

Environment

• Silverline WAF
• Silverline Shape Defense
• Silverline Layer 7 DoS
• Proxy/Proxies

Procedure

Requirements on Front End SSL Profiles

1. Navigate to Config, then Proxy / App Configuration, then SSL Management
2. Select the Front End SSL Profiles tab
3. Select each profile that is going to be associated with an application to leverage HTTP/2
   1. Update the cipher string to include the string: ECDHE
      1. If using a SOC-curated cipher set
         1. Copy the string from the Cipher String box
         2. Then select custom - Static from the SSL Cipher dropdown
         3. Then enter the string: ECDHE
         4. Then paste in what you've copied
         5. Example result:   ECDHE:TLSv1_2+HIGH:TLSv1_1+HIGH:TLSv1+MEDIUM:TLSv1+HIGH:!RC4:!3DES:!RSA:!EXPORT:!MD5:!ADH:@STRENGTH
   2. Under Advanced SSL Settings
      1. Ensure Renegotiation is disabled

Repeat the steps listed above for the Backend SSL profile, otherwise, a warning message as per below will be displayed.

*Suggestion: Create a copy of the "Silverline_Server_Default" Backend SSL profile, name it with an indicator that supports HTTP2, for example: "HTTP2_Silverline_Server_Default", and performs the changes described above for the Front End SSL profile.

Related Content

• How to Enable HTTP/2 Capability
• Proxy Set-up Guide: Proxy / App Configuration in Silverline Portal
• How to Subscribe to Release Notes on Knowledge Base
• How to Configure a Proxy for HTTP / SSL HTTP / WAF Proxy Service Type