Using Zscaler with HTTP/2

c16a · June 25, 2021, 6:58am

I want to reach a HTTP/2 destination via Zscaler and I don’t think it works as of now. Is this on your roadmap?

Marc · March 3, 2022, 9:44am

Any news on this issue? Also noticed the HTTP 1.1 limitation but HTTP 2.0 impossible.

ttt · August 16, 2022, 11:39am

I’m also looking for this… any hope of an update?

Ben_Garrison · August 16, 2022, 6:39pm

Hello,

I went through the halls here and found some information.

This needs to be broken down into decrypted vs. undecrypted traffic:

Undecrypted: Currently HTTP/2.0 is fully supported on undecrypted traffic as we don’t interfere with the TLS handshake and allow the client and server to negotiate HTTP/2.0 using the ALPN TLS extension.
Decrypted: Currently, we ignore the ALPN extension and force HTTP/1.1 on the client and server. It’s rare for a server to support only HTTP/2.0, so the likelihood of impacting traffic is very small. One caveat is gRPC traffic but it’s mostly confined to micro-services communication. For these HTTP/2.0 only cases, you should consider an SSL exemption.

HTTP/2 traffic inspection for SSL decrypted traffic is part of the upcoming 6.2 release (currently in beta). It’s critical to point out that HTTP/2.0 is purely a web acceleration protocol (not security), so it should be viewed in the broader context of user experience throughout the platform.

Thomas · August 17, 2022, 8:44am

Hi Ben,

is there already some (tentative) date when 6.2 is likely to become GA?
This quarter, next quarter, next year?

tS

Ben_Garrison · August 17, 2022, 3:03pm

Hey Thomas,

Sadly, I do not have any dates for future releases. We do not publish dates for future releases on the community. However, I do believe that if you reach out to your account manager they may be able to assist further in navigating roadmap questions!

Daps · October 21, 2022, 1:42pm

Hi Thomas,

Hope you are already notified that we started rolling out 6.2 to all of our clouds.

Regards,
Deepak

Thomas · November 3, 2022, 2:52pm

Hi Deepak,

yes, but as we are on zscalertwo cloud… still waiting for it

DB3684 · November 17, 2022, 8:47pm

Also curious on this, we have had the 6.2 upgrade but still saw renegotiation to 1.1 on sites that otherwise (no ZIA) hit 2.

That being said we have our TAM on the case so hopefully we’ll find out soon.

bandwiches · February 9, 2023, 3:49pm

Anyone still have issues with http/2 and Mac’s after the 6.2 update?