h2 Restrictions
There are some restrictions on the h2 implementation you should be aware of:
Connection Reuse
The HTTP/2 protocol allows reuse of TLS connections under certain conditions: if you have a certificate with wildcards or several subject alternative names (subjectAltName), browsers will reuse any existing connection they might have. Example:
You have a certificate for a.example.org that has b.example.org as an additional name. You open the URL https://a.example.org/ in your browser, open another tab and load https://b.example.org/.
Before opening a new connection, the browser sees that it still has the one to a.example.org open and that the certificate is also valid for b.example.org. So it sends the request for the second tab over the connection of the first one.
This connection reuse is intentional and makes it easier for sites that have invested in sharding for efficiency in HTTP/1 to also benefit from HTTP/2 without much change.
In Apache mod_h[ttp]2 this is not yet fully implemented. When a.example.org and b.example.org are separate virtual hosts, Apache will not allow such connection reuse and informs the browser about it with status code 421 Misdirected Request. The browser will understand that it has to open a new connection to b.example.org. Everything will work, but some efficiency is lost.
We expect to have the proper checks in place for the next release.
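The reuse decision and the 421 fallback described in this section can be modelled in a few lines. This is an added example, not code from mod_h[ttp]2 or any browser: the function names and the hostname-to-virtual-host table are assumptions, and it treats two names served by the same virtual host as reusable.

```python
# Added illustration: a simplified model, not Apache's or a browser's real logic.

def san_matches(pattern, host):
    """Match one certificate name against a hostname.
    A wildcard is honoured only as the complete leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Covers exactly one label; "*.org"-style patterns are refused.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def browser_may_reuse(cert_names, host):
    """Browser side: the open connection's certificate is also valid for host."""
    return any(san_matches(name, host) for name in cert_names)


def server_status(vhosts, connection_host, authority):
    """Server side: a request for a different virtual host than the one the
    connection was opened for is answered with 421 Misdirected Request.
    vhosts (hypothetical table) maps every served hostname to a vhost id."""
    if vhosts[authority.lower()] != vhosts[connection_host.lower()]:
        return 421
    return 200


def load_second_tab(cert_names, vhosts, first_host, second_host):
    """Return the (connection, status) attempts made for the second tab."""
    attempts = []
    if browser_may_reuse(cert_names, second_host):
        status = server_status(vhosts, first_host, second_host)
        attempts.append(("reused:" + first_host, status))
        if status != 421:
            return attempts
    # No usable connection, or the server refused reuse: open a new one.
    status = server_status(vhosts, second_host, second_host)
    attempts.append(("new:" + second_host, status))
    return attempts


if __name__ == "__main__":
    # Constructed sample data using the hostnames from the text above.
    cert = ["a.example.org", "b.example.org"]
    separate = {"a.example.org": "vhost-a", "b.example.org": "vhost-b"}
    print(load_second_tab(cert, separate, "a.example.org", "b.example.org"))
```

With separate virtual hosts the second tab costs one extra round trip: a 421 on the reused connection, then a 200 on a new one.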