Welcome! Log In Create A New Profile

Advanced

Re: [nginx-quic]

Previous Message Next Message
Forum List Message List New Topic Print View
Lucas Cuminato
June 14, 2021 12:46PM
Hi, Vladimir, thanks for replying.

I'm not using any protocol over QUIC, just using QUIC to send/receive raw
data to/from my application and the server, and having nginx proxy it to a
TCP server.
I do have a proxy_pass configured in my setup. I just omitted for
simplicity.

R,
Lucas.


On Mon, Jun 14, 2021 at 11:35 AM Vladimir Homutov <vl@nginx.com> wrote:

> 14.06.2021 18:08, Lucas Cuminato пишет:
> > Hello,
> >
> > Not sure If this is a bug in nginx-quic or if I'm not configuring
> > it correctly but when trying to use nginx-quic with the following
> settings.
> >
> > stream {
> > server {
> > listen 5555 quic reuseport;
> > ssl_session_cache off;
> > ssl_client_certificate ca.pem
> > ssl_verify_client on;
> > ssl_session_tickets off;
> > ssl_certificate cert.pem
> > ssl_certificate_key key.pem;
> > ssl_protocols TLSv1.3;
> > }
> > }
> >
> > and using a standalone application that uses ngtcp2 to try to connect to
> > nginx-quic, I get a TLS alert saying that "No application protocol".
> > I've tracked this down and it seems like nginx-quic is not setting any
> > ALPN for the SSL context when using QUIC as a stream (in
> > ngx_stream_ssl_module.c).
> > It does it set it when using QUIC as HTTP (in ngx_http_ssl_module.c).
> > Now, I believe ALPN is mandatory for QUIC according to the
> > QUIC-TRANSPORT draft, so this might be a bug.
> > By copying the code done in ngx_http_ssl_module.c for setting the ALPN
> > and using it in ngx_stream_ssl_module.c, I was able to make my
> > standalone app connect and transfer data, but not sure
> > if this is the right fix.
> >
> > R,
> > Lucas.
> >
> Hello,
> this is expected with stream module.
> ALPN is required, but is not clear what protocol (http3? other protocol
> over quic?) is going to be used.
> Can you please elaborate your use case? What are you going to achieve?
> Also, the suggested configuration is not going to work, since you don't
> have any content handling module (i.e. proxy_pass or return).
>
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[nginx-quic]

Lucas Cuminato 307 June 14, 2021 11:10AM

Re: [nginx-quic]

Vladimir Homutov 148 June 14, 2021 12:36PM

Re: [nginx-quic]

Lucas Cuminato 265 June 14, 2021 12:46PM

Re: [nginx-quic]

Vladimir Homutov 244 June 14, 2021 01:02PM

Re: [nginx-quic]

Lucas Cuminato 159 June 14, 2021 01:20PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 230
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready