2 server refused stream

Switching to a Perfomance layer 4 VIP just does packet passthrough to the pool members – any issues with TLS is due to the pool member webserver/TLS implementation.

If you are on BigIP 12.1.2, you have probably hit a different HTTP2 issue – probably:

Bug ID 677119: HTTP2 implementation incorrectly treats SETTINGS_MAX_HEADER_LIST_SIZE

There is no workaround – you will need to upgrade to resolve this issue.

Here is the list of HTTP2 issues fixed in the latest 12.x series release since 12.1.2 (released Nov 2017):

the latest version available is which provides bugfixes for these HTTP/2 related issues: Known Issues in BIG-IP v12.1.x 788773-5 CVE-2019-9515 K50233772 HTTP/2 Vulnerability: CVE-2019-9515 788769-5 CVE-2019-9514 K01988340 HTTP/2 Vulnerability: CVE-2019-9514 773673-5 CVE-2019-9512 K98053339 HTTP/2 Vulnerability: CVE-2019-9512 Cumulative fixes from BIG-IP v12.1.5 that are included in this release 699598-4 3-Major HTTP/2 requests with large body may result in RST_STREAM with FRAME_SIZE_ERROR Cumulative fixes from BIG-IP v12.1.4.1 that are included in this release 745713-2 CVE-2019-6619 K94563344 TMM may crash when processing HTTP/2 traffic 744536 3-Major HTTP/2 may garble large headers 751586-1 4-Minor http2 virtual does not honour translate-address disabled Cumulative fixes from BIG-IP v12.1.4 that are included in this release 740490-2 2-Critical Configuration changes involving HTTP2 or SPDY may leak memory 680264 3-Major HTTP2 headers frame decoding may fail when the frame delivered in multiple xfrags Cumulative fixes from BIG-IP v12.1.3.7 that are included in this release 720293-1 3-Major HTTP2 IPv4 to IPv6 fails Cumulative fixes from BIG-IP v12.1.3.6 that are included in this release 703940-3 CVE-2018-5530 K45611803 Malformed HTTP/2 frame consumes excessive system resources 718071-3 2-Critical HTTP2 with ASM policy not passing traffic 702151-2 3-Major HTTP/2 can garble large headers 698916-3 3-Major TMM crash with HTTP/2 under specific condition 698379-3 3-Major K61238215 HTTP2 upload intermittently is aborted with HTTP2 error error_code=FLOW_CONTROL_ERROR( 673052-2 3-Major On i-Series platforms, HTTP/2 is limited to 10 streams 659519-1 3-Major K42400554 Non-default header-table-size setting on HTTP2 profiles may cause issues Cumulative fixes from BIG-IP v12.1.3.4 that are included in this release 705611-1 2-Critical The TMM may crash when under load when configuration changes occur when the HTTP/2 profile is used 700393-2 2-Critical K53464344 Under certain circumstances, a stale HTTP/2 stream can cause a tmm crash 673951-4 2-Critical K56466330 Memory leak when using HTTP2 profile 705794-1 3-Major Under certain circumstances a stale HTTP/2 stream might cause a tmm crash 689449-3 3-Major Some flows may remain indefinitely in memory with spdy/http2 and http fallback-host configured 677457 3-Major K13036194 HTTP/2 Gateway appends semicolon when a request has one or more cookies 654086-3 3-Major Incorrect handling of HTTP2 data frames larger than minimal frame size Cumulative fixes from BIG-IP v12.1.3.2 that are included in this release 668501-2 CVE-2017-6151 K07369970 HTTP2 does not handle some URIs correctly 665924-1 2-Critical K24847056 The HTTP2 and SPDY filters may cause a TMM crash in complicated scenarios 574526-1 3-Major K55542554 HTTP/2 and SPDY do not parse the path for the location/existence of the query parameter Cumulative fixes from BIG-IP v12.1.3.1 that are included in this release 681710-4 CVE-2017-6155 K10930474 Malformed HTTP/2 requests may cause TMM to crash Cumulative fixes from BIG-IP v12.1.3 that are included in this release 677119 3-Major HTTP2 implementation incorrectly treats SETTINGS_MAX_HEADER_LIST_SIZE 652535-1 3-Major K54443700 HTTP/2 stream reset with PROTOCOL_ERROR when frame header is fragmented.

Related Posts