HTTP/2, Nginx, and Chrome
This content was originally posted on my blog in 2016, but I feel that it’s still relevant to those running older versions of Linux and Nginx.
While deploying the new version of Fiddlesaw, I noticed that I was not getting a HTTP/2 connection after updating to Chrome 51. After some light research, I found the following:
- Chrome disabled NPN in favor of ALPN, beginning with Chrome 51. APLN is the accepted standard for negotiating a HTTP/2 connection.
- ALPN isn’t supported in versions of OpenSSL prior to 1.0.2. Unfortunately, most Linux distributions are still running a flavor of 1.0.1 or lower.
- Nginx uses OpenSSL to provide the framework to serve TLS connections. This means that you are dependent the build of OpenSSL that comes with your distro, unless you choose a more advanced route like running a private build.
Ultimately, I ended up going with Nginx on Ubuntu 16.04 LTS since it includes OpenSSL 1.0.2, and because this was a completely new server. Most cloud service providers should provide an image for this version of Ubuntu. If you are running an existing server and you don’t wish to upgrade, you do have some other options available to you:
- Build your own version of Nginx from source with OpenSSL 1.0.2 support.
- Wait until your distro of choice includes OpenSSL 1.0.2. TLS connections will still function normally, they just won’t use the faster HTTP/2 protocol.
Special thanks to Mattias Geniar for his excellent blog. His summary of Linux distros and their default versions of OpenSSL made selecting Ubuntu 16.04 an easy decision.

