I want to reach a HTTP/2 destination via Zscaler and I don’t think it works as of now. Is this on your roadmap?
Any news on this issue? Also noticed the HTTP 1.1 limitation but HTTP 2.0 impossible.
I’m also looking for this… any hope of an update?
I went through the halls here and found some information.
This needs to be broken down into decrypted vs. undecrypted traffic:
Undecrypted: Currently HTTP/2.0 is fully supported on undecrypted traffic as we don’t interfere with the TLS handshake and allow the client and server to negotiate HTTP/2.0 using the ALPN TLS extension.
Decrypted: Currently, we ignore the ALPN extension and force HTTP/1.1 on the client and server. It’s rare for a server to support only HTTP/2.0, so the likelihood of impacting traffic is very small. One caveat is gRPC traffic but it’s mostly confined to micro-services communication. For these HTTP/2.0 only cases, you should consider an SSL exemption.
HTTP/2 traffic inspection for SSL decrypted traffic is part of the upcoming 6.2 release (currently in beta). It’s critical to point out that HTTP/2.0 is purely a web acceleration protocol (not security), so it should be viewed in the broader context of user experience throughout the platform.
is there already some (tentative) date when 6.2 is likely to become GA?
This quarter, next quarter, next year?
Sadly, I do not have any dates for future releases. We do not publish dates for future releases on the community. However, I do believe that if you reach out to your account manager they may be able to assist further in navigating roadmap questions!
Hope you are already notified that we started rolling out 6.2 to all of our clouds.
yes, but as we are on zscalertwo cloud… still waiting for it
Also curious on this, we have had the 6.2 upgrade but still saw renegotiation to 1.1 on sites that otherwise (no ZIA) hit 2.
That being said we have our TAM on the case so hopefully we’ll find out soon.
Anyone still have issues with http/2 and Mac’s after the 6.2 update?