Need help? Call us on 1300 789 260

Blank page in Firefox when using a secure (SSL) connection with HTTP/2

Difficulty: Advanced

Prerequisites

  • SSH Acess to your Plesk Server

Overview

If you have recently enabled HTTP/2 on your Plesk 12.5 server, sites viewed in Firefox may simply display a blank page. This is because the default configuration may still use a cipher which has been blacklisted in Firefox only. All other browsers will continue to work as expected.

Unfortunately, Firefox doesn't display any errors nor log anything to the console to diagnose this and it makes finding the issue extremely difficult.  It appears to be isolated to CentOS 6 based systems only, which are running OpenSSL 1.0.1e with a cusomised virtual server template. Using the Qualys SSL Tool , you may also see the following:

Firefox Blacklisted Cipher

Instructions

  1. To check of you have a customised template, check if a custom nginxDomainVirtualHost.php exists:
    ls /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php
    
  2. If the file exists and you need the changes, modify the ssl_ciphers line in your editor to use:
    ssl_ciphers EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES;
    
  3. If you don't require the changes, delete the file and re-enable HTTP/2 to test.
  4. You'll now need to reconfigure the websites on the server using the Plesk httpdmng tool:
    /usr/local/psa/admin/bin/httpdmng --reconfigure-all
    
  5. This will reset the configurations for Nginx. To apply the new configuration, ensure you restart Ngnix:
    service nginx restart
    
  6. Re-check your site in Firefox to confirm. You can also re-run the Qualys SSL Tool to ensure the ciphers are valid.

References

Official Plesk KB on HTTP/2: https://kb.plesk.com/en/128766

Was this article helpful? Yes No
👥

Having trouble? We’re here to help!

We’ve built our company with a serious focus on quality service. Feel free to give us a call!

1300 789 260