Monday, May 09, 2016

ColdFusion IIS 10 HTTP/2 - Safari Bug

For a while I have been dealing with a bug that I had no idea how to even explain to the ColdFusion team and after telling them several times about it, nothing was ever resolved. Today though, I believe there is enough to show how and why this is occurring and only with Safari.

On Windows 10 running IIS 10, the HTTP/2 protocol is enabled by default and all you need to do to take advantage of it is have your site served over HTTPS. Believe it or not it is actually that simple.

The Bug
So when I would browse my site on any browser I would see that the connection was downgraded to http/1.1 which is absolutely ok and the site would still render, but when I would try it on Safari it would just go into an endless loop causing a lot of connections opening up on the server. I have to give it to Fusion-Reactor here because it was what allowed me to easily see this in action the first time.

Why it was a problem for me
Now any other day, because this is my dev box it would not matter but on this particular dev box, I needed to test a Cordova App I built that is pointing to a Webserver and although it worked on production when I pointed it to my dev box it would just never render. So I then tried to open in Safari on my desktop (because we know it is iOS Safari on the phone) to see what was going on and I would just get a white page, the spinning wheel and a lot of connections on ColdFusion.

I decided to finally open up my console (not web) and I started seeing the following:

Safari[2061]: tcp_connection_destination_handle_tls_close_notify 60 closing socket due to TLS CLOSE_NOTIFY alert
tcp_connection_tls_session_error_callback_imp 60

Those errors would just continue as long as I left Safari trying to connect. Once I stopped Safari, the messages would stop and Fusion-Reactor graphs would go back to normal. You can see all of this in the following video.

The temporary solution
So until either the Safari team or the ColdFusion team fixes this, the only solution is to disable HTTP/2 on Windows 10 which is easy by doing the following:

  1. Open the registry editor (regedit)
  2. Browse to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
  3. Enter 2 new DWORD Values EnableHttp2Cleartext and EnableHttp2Tls
  4. Set their values to 0
  5. Reboot

Now when you browse any HTTPS site running on IIS 10 it is server as HTTP/1.1, not causing the connection downgrade and therefore working properly in Safari.

No comments:

Post a Comment