I have some users who use the Safari browser and are having trouble accessing our local Indico server. Indico doesn’t open in that browser and the message below appears:
“Safari can’t Open the page
Safari cna’t open the page “https://indico.ggte.unicamp.br/event/18/” because the server unexpectdly dropped the connection.”
Is there any way to work around this problem? We use Indico with SSO and proxies.
Thanks a lot
Maybe related to this invalid HTTP header error curl displays? sslcheck also mentioned that Strict-Transport-Security is present twice. In any case, http2 seems broken and maybe Safari doesn’t fall back to http1.
$ curl -v https://indico.ggte.unicamp.br
* Host indico.ggte.unicamp.br:443 was resolved.
* IPv6: 2801:8a:c860:4049::200
* IPv4: 177.220.121.152
* Trying [2801:8a:c860:4049::200]:443...
* Trying 177.220.121.152:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL Trust Anchors:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: C=BR; ST=Sao Paulo; L=Campinas; O=UNIVERSIDADE ESTADUAL DE CAMPINAS; CN=indico.ggte.unicamp.br
* start date: Jan 9 14:06:05 2026 GMT
* expire date: Feb 10 14:06:04 2027 GMT
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign RSA OV SSL CA 2018
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* subjectAltName: "indico.ggte.unicamp.br" matches cert's "indico.ggte.unicamp.br"
* OpenSSL verify result: 0
* SSL certificate verified via OpenSSL.
* Established connection to indico.ggte.unicamp.br (177.220.121.152 port 443) from 128.141.210.235 port 37610
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://indico.ggte.unicamp.br/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: indico.ggte.unicamp.br]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.19.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: indico.ggte.unicamp.br
> User-Agent: curl/8.19.0
> Accept: */*
>
* Request completely sent off
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 200
< server: nginx
< date: Sat, 16 May 2026 14:40:16 GMT
< content-type: text/html; charset=utf-8
< content-length: 99924
< strict-transport-security: max-age=63072000
* Invalid HTTP header field was received: frame type: 1, stream: 1, name: [upgrade], value: [h2]
* nghttp2 shuts down connection with error 1: PROTOCOL_ERROR
* closing connection #0
curl: (16) Invalid HTTP header field was received: frame type: 1, stream: 1, name: [upgrade], value: [h2]
Hi,
fixed double HSTS.
Abraço
Clóvis