NGINX-QUIC, ALPN offering only Http/1.1 and h2, but not h3

J B
September 15, 2021 02:40AM
Hello all,

I played around with nginx-quic branch, following the blog post here
https://www.nginx.com/blog/our-roadmap-quic-http-3-support-nginx/

I am having trouble getting my browser to use HTTP/3 with the server. I checked
with an HTTP/3-enabled curl: it works when providing the http3 option, but
it does not when using the --alt-svc option.
I assume it's a configuration issue, or an issue with self-signed
certificates, ...


What I did:
1. Build the Docker image (copied from the blog post) and generate self-signed certs.

```
COPY ./nginx/csr.conf /root/csr.conf
COPY ./nginx/cert.pass /etc/keys/cert.pass

# generate self signed certificate
RUN openssl genrsa -aes128 -passout "pass:supersecure" -out ca.key 4096
RUN openssl req -new -config csr.conf -key ca.key -out ca.csr \
    -passin "pass:supersecure"
RUN openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt \
    -passin "pass:supersecure"

# copy them to /etc/ssl/
RUN cp ca.crt /etc/ssl/certs/
RUN cp ca.key /etc/ssl/private/
RUN cp ca.csr /etc/ssl/private/

# setup ssl config
COPY ./nginx/ssl.conf /etc/nginx/conf.d/ssl.conf

EXPOSE 80 443
```

2. Run the Docker container with

```
docker run -it --rm -p 443:443/udp -p 443:443/tcp nginx_quic
```

Testing:

Using the HTTP/3-enabled curl with --alt-svc ends up in:
```
curl -k -vvv --alt-svc altsvc.cache https://localhost:443
* Trying 127.0.0.1:443...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:443
```


Using the http3 option on curl works as expected:
```
../curl -v --http3 https://localhost:443/
* Trying 127.0.0.1:443...
* Connect socket 5 over QUIC to 127.0.0.1:443
* Connected to localhost () port 443 (#0)
* Using HTTP/3 Stream ID: 0 (easy handle 0x55c46567b290)
> GET / HTTP/3
> Host: localhost
> user-agent: curl/7.79.0-DEV
> accept: */*
>
* ngh3_stream_recv returns 0 bytes and EAGAIN
< HTTP/3 200
< server: nginx/1.21.3
< date: Tue, 14 Sep 2021 22:21:26 GMT
< content-type: text/html
< content-length: 615
< last-modified: Tue, 07 Sep 2021 15:21:03 GMT
< etag: "6137835f-267"
< alt-svc: h3=":443"; ma=2592000
< quic-status: quic
< x-quic: quic
< accept-ranges: bytes
```

Any idea how to solve this?

Best

J.
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
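
The `alt-svc: h3=":443"; ma=2592000` header in the HTTP/3 response above is the field a client run with `--alt-svc` has to receive before it can switch to h3; the ALPN list on the TCP connection only names h2 and http/1.1. The parser below is an added example (not part of the original post, nginx or curl) that reads such a header following RFC 7838; the function and type names are assumptions chosen for illustration.

```python
import re
from typing import NamedTuple

class AltService(NamedTuple):
    protocol: str   # ALPN protocol id, e.g. "h3"
    host: str       # empty string means "same host as the origin"
    port: int
    max_age: int    # seconds the client may cache the entry

DEFAULT_MAX_AGE = 86400  # RFC 7838: 24 hours when "ma" is absent
PAGE_HEADER = 'h3=":443"; ma=2592000'  # value from the curl output above

def _split(value, sep):
    """Split on sep, ignoring separators inside double-quoted strings."""
    pattern = r'(?:[^%s"]|"(?:\\.|[^"\\])*")+' % re.escape(sep)
    return [p.strip() for p in re.findall(pattern, value) if p.strip()]

def parse_alt_svc(value):
    """Parse an Alt-Svc field value; "clear" and malformed entries yield nothing."""
    if value.strip().lower() == "clear":
        return []
    services = []
    for entry in _split(value, ","):
        parts = _split(entry, ";")
        if not parts:
            continue
        protocol, _, authority = parts[0].partition("=")
        host, _, port = authority.strip().strip('"').rpartition(":")
        if not port.isdigit():
            continue  # no usable port: ignore the entry
        max_age = DEFAULT_MAX_AGE
        for param in parts[1:]:
            name, _, val = param.partition("=")
            val = val.strip().strip('"')
            if name.strip().lower() == "ma" and val.isdigit():
                max_age = int(val)
        services.append(AltService(protocol.strip(), host, int(port), max_age))
    return services

def advertises_h3(value):
    """True if any entry names HTTP/3 ("h3" or a draft id such as "h3-29")."""
    return any(s.protocol == "h3" or s.protocol.startswith("h3-")
               for s in parse_alt_svc(value))

if __name__ == "__main__":
    print(parse_alt_svc(PAGE_HEADER), advertises_h3(PAGE_HEADER))
```
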
Subject Author Views Posted

NGINX-QUIC, ALPN offering only Http/1.1 and h2, but not h3

J B 59 September 15, 2021 02:40AM

Re: NGINX-QUIC, ALPN offering only Http/1.1 and h2, but not h3

Sergey Kandaurov 11 September 17, 2021 07:24AM


