Requesting IdP description document from modern HTTP server fails

[djc]

I recently upgraded my web server (serving my IdP, among other things) to Apache 2.4.18 with mod_h2. Unfortunately, I now get the following message from Persona:

ochtman.nl is not responding. Please wait a few minutes and try again.

When requesting https://ochtman.nl/.well-known/browserid in Firefox, it works just fine.

My keybase.io proof also started failing shortly after the Apache upgrade, so I found keybase/keybase-issues#1925. It seems this was caused by nodejs/node#4334, and it seems likely that Persona could suffer from this, as well.

I think this is pretty bad, since it prevents logging in to any site with an email address that has a primary IdP, where that primary IdP has a modern web server with HTTP 2 support setup.

[rfk]

Thanks @djc. Sounds like the straightfoward fix involves updating node, which could be a lot of work. Are there other known ways to work around this issue without updating node?

[djc]

I can't think of any so far. :(

[rfk]

@djc did you end up downgrading your server to work around this? It seems to fetch the doc from ochtman.nl OK currently.

[djc]

I disabled HTTP 2 in the configuration for now. 😢