Hi, Vladimir, thanks for replying. I'm not using any protocol over QUIC, just using QUIC to send/receive raw data to/from my application and the server, and having nginx proxy it to a TCP server. I do have a proxy_pass configured in my setup. I just omitted for simplicity.
R, Lucas. On Mon, Jun 14, 2021 at 11:35 AM Vladimir Homutov <v...@nginx.com> wrote: > 14.06.2021 18:08, Lucas Cuminato пишет: > > Hello, > > > > Not sure If this is a bug in nginx-quic or if I'm not configuring > > it correctly but when trying to use nginx-quic with the following > settings. > > > > stream { > > server { > > listen 5555 quic reuseport; > > ssl_session_cache off; > > ssl_client_certificate ca.pem > > ssl_verify_client on; > > ssl_session_tickets off; > > ssl_certificate cert.pem > > ssl_certificate_key key.pem; > > ssl_protocols TLSv1.3; > > } > > } > > > > and using a standalone application that uses ngtcp2 to try to connect to > > nginx-quic, I get a TLS alert saying that "No application protocol". > > I've tracked this down and it seems like nginx-quic is not setting any > > ALPN for the SSL context when using QUIC as a stream (in > > ngx_stream_ssl_module.c). > > It does it set it when using QUIC as HTTP (in ngx_http_ssl_module.c). > > Now, I believe ALPN is mandatory for QUIC according to the > > QUIC-TRANSPORT draft, so this might be a bug. > > By copying the code done in ngx_http_ssl_module.c for setting the ALPN > > and using it in ngx_stream_ssl_module.c, I was able to make my > > standalone app connect and transfer data, but not sure > > if this is the right fix. > > > > R, > > Lucas. > > > Hello, > this is expected with stream module. > ALPN is required, but is not clear what protocol (http3? other protocol > over quic?) is going to be used. > Can you please elaborate your use case? What are you going to achieve? > Also, the suggested configuration is not going to work, since you don't > have any content handling module (i.e. proxy_pass or return). > > > _______________________________________________ > nginx-devel mailing list > nginx-devel@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel