SSL Visibility support for HTTP/2 protocol.
search cancel

SSL Visibility support for HTTP/2 protocol.


Article ID: 249157


Updated On:


SV-1800 SV-2800 SV-3800 SV-800 SV-S550


There are several things to consider with HTTP2 traffic traversing the SSL Visibility Appliance.


HTTP2 protocol enables full request and response multiplexing.  HTTP/2 allows for prioritization of content, header compression, and multiplexing which all make web pages load faster when compared to HTTP/1.1.  This may result in decreasing the time to establish a new connection for each request.


The SSL Visibility Appliance does work with HTTP/2, however, it does not decrypt HTTP2.  The SSL Visibility Appliance will decrypt the TLS record elements and repackage them in TCP frames.  The appliance will transparently allow the Client Hello from the client to pass through.  This will only happen on inspected flows.  H/2 is delivered as-is to the inspection appliance and the appliance will need to know how to decode the H/2.  Any flow that is configured to be cut-through will still be allowed to use H2.

The SSL Visibility Appliance does have an option on the Segment page, under Attached Appliance Options, to downgrade HTTP/2 to HTTP/1.x.  Use this option to downgrade flows if an attached appliance on the segment does not support HTTP/2.  This option only applies to inspected flows and is disabled by default.