We learned about the new HTTP/2 features from the F5 release notes.
Ref: Release Note: BIG-IP LTM and TMOS 12.1.2 Release Notes
So this post will show how to enable HTTP/2 on F5 LTM.
Steps:
Pool List -> Profile (SSL Client / HTTP/2) -> Virtual Servers
Pool: add your port 80 backend and make sure the health check passes.
Profile (SSL Client):
- Assign a valid Certificate Key Chain.
- Disable Renegotiation.
- The Ciphers string will look like this:
!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4
Profile (HTTP/2): Use default value
Virtual Servers
Service Port: HTTPS/443
SSL Profile (Client): Assign SSL Client Profile
Acceleration Option: Assign default HTTP/2 Profile
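Before running the external tests, the cipher string above can be checked against the HTTP/2 TLS 1.2 rules (RFC 7540 section 9.2.2: ephemeral key exchange plus an AEAD cipher). This is an added example, not part of the original post and not F5 code. It assumes the listed order is the preference order and classifies by keyword only, without expanding groups into the actual suites the BIG-IP would build.

```python
# Added example (not F5 code): keyword-level review of a BIG-IP cipher string
# against the HTTP/2 TLS 1.2 requirements in RFC 7540 section 9.2.2.
CIPHER_STRING = (  # copied from the SSL Client profile step above
    "!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:"
    "RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4"
)
EPHEMERAL = {"ECDHE", "DHE"}   # key exchanges with forward secrecy
AEAD = {"AES-GCM"}             # AEAD keyword used in this string


def parse(cipher_string):
    """Return (action, keywords) pairs: '!' prohibits, '-' removes, else adds."""
    entries = []
    for token in filter(None, (t.strip() for t in cipher_string.split(":"))):
        action = {"!": "prohibit", "-": "remove"}.get(token[0], "add")
        if action != "add":
            token = token[1:]
        entries.append((action, tuple(token.split("+"))))
    return entries


def h2_ok(keywords):
    """HTTP/2 over TLS 1.2 needs an ephemeral key exchange plus an AEAD cipher."""
    kw = set(keywords)
    return bool(kw & EPHEMERAL) and bool(kw & AEAD)


def review(cipher_string):
    """Summarise which enabled groups HTTP/2 clients may use, in listed order."""
    entries = parse(cipher_string)
    blocked = {kw for action, kw in entries if action != "add"}
    enabled = [kw for action, kw in entries if action == "add" and kw not in blocked]
    return {
        "h2_acceptable": ["+".join(k) for k in enabled if h2_ok(k)],
        "h2_blacklisted": ["+".join(k) for k in enabled if not h2_ok(k)],
        "h2_preferred_first": bool(enabled) and h2_ok(enabled[0]),
        "blocked": sorted("+".join(k) for k in blocked),
    }


if __name__ == "__main__":
    for key, value in review(CIPHER_STRING).items():
        print(f"{key}: {value}")
```

Only ECDHE+AES-GCM satisfies HTTP/2, and it is listed first, so HTTP/2 clients negotiate it; the remaining enabled groups serve only as fallback for HTTP/1.1 clients.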
Finally, we have two testing tools.
Make sure the HTTP/2 Test result shows that HTTP/2.0 is supported.
The SSL Labs overall rating gets A+.
Setup Done.