Re: Clients fail to connect via HTTP3 over QUIC

Mon, 21 Feb 2022 22:42:00 -0800 

22.02.2022 00:43, David Hu via nginx-devel пишет:

I have compiled the latest master branch of nginx-quic with these options:

nginx version: nginx/1.21.7 (8861:b5c87e0e57ef)
built with OpenSSL 3.0.1+quic 14 Dec 2021
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --build=8861:b5c87e0e57ef --with-debug --with-http_ssl_module --with-http_v2_module --with-stream_quic_module --with-http_v3_module --with-cc-opt='-I/usr/local/include/openssl -O0 -DNGX_HTTP_V3_HQ=1' --with-ld-opt=-L/usr/local/lib64 

and OpenSSL version (quictls):
OpenSSL 3.0.1+quic 14 Dec 2021 (Library: OpenSSL 3.0.1+quic 14 Dec 2021)
built on: Sun Feb 20 01:43:12 2022 UTC
platform: linux-x86_64
options:  bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -DOPENSSL_TLS_SECURITY_LEVEL=2 
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/lib64/engines-81.3"
MODULESDIR: "/usr/local/lib64/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfff83203078bffff:0x4219c01ab


And my nginx config file http block looks like this:
[redacted sensitive configs]
http {
     [redacted some configs]
     quic_retry on;
     http3_push on;
     http3_hq on;
}

However clients cannot cannot to my server either through H3 or HQ anymore

Wireshark shows handshake failure
CONNECTION_CLOSE (Transport) Error code: CRYPTO_ERROR (No application Protocol) 
     Frame Type: CONNECTION_CLOSE (Transport) (0x000000000000001c)
     Error code: CRYPTO_ERROR (376)
     TLS Alert Description: No application Protocol (120)
     Frame Type: 0
     Reason phrase Length: 16
     Reason phrase: handshake failed


How am I supposed to solve this?
First, check the logs, the error should be logged. Message supposes your client did not send proper protocol (or no ALPN at all). We've recently removed draft version suppoort (http://hg.nginx.org/nginx-quic/rev/d8865baab732), so now only quic v1 is supported, and "h3" should be used for application protocol. You may want to check your configuration for 'Alt-Svc' header. 
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-le...@nginx.org

Reply via email to