How to setup your HTTP/2 site on F5 series LTM.

New photo by WuNan Lin / Google Photos

We learned about new features for HTTP/2 from F5 Release note.
Ref: Release Note: BIG-IP LTM and TMOS 12.1.2 Release Notes
So this post will show how to enable HTTP/2 on F5 LTM.

Steps:

Pool List -> Profile (SSL Client / HTTP/2) -> Virtual Servers

Pool: add your port 80 backend & make sure health check passed.

New photo by WuNan Lin / Google Photos

Profile (SSL Client):

    1. We need assign legal Certificate Key Chain.
    2. disable Renegotiation
    3. Ciphers string will look like that
!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4

Profile (HTTP/2): Use default value

New photo by WuNan Lin / Google Photos

Virtual Servers
Service Port: HTTPS/443
SSL Profile (Client): Assign SSL Client Profile
Acceleration Option: Assign default HTTP/2 Profile
Final We got two testing tools.

  1. HTTP/2 Test Verify HTTP/2.0 Support
  2. Qualys SSL Labs

Make sure HTTP/2 Test Result supports HTTP/2.0

New photo by WuNan Lin / Google Photos

SSL Labs Overall Rating get A+

New photo by WuNan Lin / Google Photos

Setup Done.

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *