Forgot to add that this affects only http3 requests [I've tested from more than one machine and multiple clients, including cURL and FF].
http2 requests work fine with no change in configuration.

On Mon, Dec 21, 2020 at 7:16 PM Surinder Sund <[email protected]> wrote:

> I'm trying to get NGINX QUIC to work on a fresh install of Ubuntu 20.04.
>
> But I'm getting this error:
>
> **1 SSL_do_handshake() failed (SSL: error:10000118:SSL
> routines:OPENSSL_internal:NO_SUPPORTED_VERSIONS_ENABLED)*
>
> Looks like some issue with the way Boringssl is set up, or being used by
> Nginx?
>
>
> HOW I BUILT BORINGSSL
>
> cd boringssl; mkdir build ; cd build ; cmake -GNinja ..
> ninja
>
> NGINX DETAILS
>
> *~/nginx-quic# nginx -V*
>
> nginx version: nginx/1.19.6
> built by gcc 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)
> built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
> TLS SNI support enabled
> configure arguments: --with-debug --with-http_v3_module
> --with-cc-opt=-I../boringssl/include
> --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
> --with-http_quic_module --with-stream_quic_module
> --with-http_image_filter_module --with-http_sub_module --with-stream
> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx
> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
> --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
> --pid-path=/var/run/nginx.pid
>
>
> HOW I BUILT NGINX QUIC:
>
> cd ~/nginx-quic ;
> ./auto/configure --with-debug --with-http_v3_module \
> --with-cc-opt="-I../boringssl/include" \
> --with-ld-opt="-L../boringssl/build/ssl \
> -L../boringssl/build/crypto" \
> --with-http_quic_module --with-stream_quic_module
> --with-http_image_filter_module --with-http_sub_module --with-stream
> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx
> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
> --conf-path=/etc/nginx/nginx.conf
> --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid
>
>
> MY NGINX BUILD CONFIGURATION SUMMARY:
>
> Configuration summary
> + using system PCRE library
> + using system OpenSSL library
> + using system zlib library
>
> nginx path prefix: "/etc/nginx"
> nginx binary file: "/usr/sbin/nginx"
> nginx modules path: "/usr/lib/nginx/modules"
> nginx configuration prefix: "/etc/nginx"
> nginx configuration file: "/etc/nginx/nginx.conf"
> nginx pid file: "/var/run/nginx.pid"
> nginx error log file: "/var/log/nginx/error.log"
> nginx http access log file: "/etc/nginx/logs/access.log"
> nginx http client request body temporary files: "client_body_temp"
> nginx http proxy temporary files: "proxy_temp"
> nginx http fastcgi temporary files: "fastcgi_temp"
> nginx http uwsgi temporary files: "uwsgi_temp"
> nginx http scgi temporary files: "scgi_temp"
>
>
>
>
> MY SITE CONFIGURATION
>
>
> listen 80;
> listen [::]:80;
> listen 443 ssl http2 fastopen=150;
> listen [::]:443 ipv6only=on ssl fastopen=150;
> include snippets/ssl-params.conf;
> server_name blah.blah;
> root /var/wordpress;
> index index.html index.htm index.php;
> access_log /var/log/nginx/xx.log;
> error_log /var/log/nginx/xx-error_log;
> ssl_early_data on;
> listen 443 http3 reuseport;
> listen [::]:443 http3 reuseport;
> add_header Alt-Svc '$http3=":8443"; ma=86400';
>
>
> *in nginx.conf I've added this:*
>
> ssl_protocols TLSv1.3; #disabled 1.1 & 1.2
>
>
> UDP is open on port 441, I've double checked this from the outside. So
> it's not a port issue.
>
>
_______________________________________________
nginx-devel mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-devel
