Welcome! Log In Create A New Profile

Re: Clients fail to connect via HTTP3 over QUIC

Forum List Message List New Topic Print View

Vladimir Homutov

February 22, 2022 01:44AM

22.02.2022 00:43, David Hu via nginx-devel пишет:
> I have compiled the latest master branch of nginx-quic with these options:
>
> nginx version: nginx/1.21.7 (8861:b5c87e0e57ef)
> built with OpenSSL 3.0.1+quic 14 Dec 2021
> TLS SNI support enabled
> configure arguments: --prefix=/usr/local/nginx --build=8861:b5c87e0e57ef
> --with-debug --with-http_ssl_module --with-http_v2_module
> --with-stream_quic_module --with-http_v3_module
> --with-cc-opt='-I/usr/local/include/openssl -O0 -DNGX_HTTP_V3_HQ=1'
> --with-ld-opt=-L/usr/local/lib64
>
> and OpenSSL version (quictls):
> OpenSSL 3.0.1+quic 14 Dec 2021 (Library: OpenSSL 3.0.1+quic 14 Dec 2021)
> built on: Sun Feb 20 01:43:12 2022 UTC
> platform: linux-x86_64
> options: bn(64,64)
> compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3
> -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC
> -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -DOPENSSL_TLS_SECURITY_LEVEL=2
> OPENSSLDIR: "/usr/local/ssl"
> ENGINESDIR: "/usr/local/lib64/engines-81.3"
> MODULESDIR: "/usr/local/lib64/ossl-modules"
> Seeding source: os-specific
> CPUINFO: OPENSSL_ia32cap=0xfff83203078bffff:0x4219c01ab
>
>
> And my nginx config file http block looks like this:
> [redacted sensitive configs]
> http {
>     [redacted some configs]
>     quic_retry on;
>     http3_push on;
>     http3_hq on;
> }
>
> However clients cannot cannot to my server either through H3 or HQ anymore
>
> Wireshark shows handshake failure
> CONNECTION_CLOSE (Transport) Error code: CRYPTO_ERROR (No application
> Protocol)
>     Frame Type: CONNECTION_CLOSE (Transport) (0x000000000000001c)
>     Error code: CRYPTO_ERROR (376)
>     TLS Alert Description: No application Protocol (120)
>     Frame Type: 0
>     Reason phrase Length: 16
>     Reason phrase: handshake failed
>
>
> How am I supposed to solve this?

First, check the logs, the error should be logged. Message supposes your
client did not send proper protocol (or no ALPN at all). We've recently
removed draft version suppoort
(http://hg.nginx.org/nginx-quic/rev/d8865baab732), so now only quic v1
is supported, and "h3" should be used for application protocol. You may
want to check your configuration for 'Alt-Svc' header.
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org

Reply Quote

RSS

Subject	Author	Views	Posted
Clients fail to connect via HTTP3 over QUIC	David Hu via nginx-devel	771	February 21, 2022 04:46PM
Re: Clients fail to connect via HTTP3 over QUIC	Vladimir Homutov	240	February 22, 2022 01:44AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 249

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018