NGINX-QUIC: OPENSSL_internal:NO_SUPPORTED_VERSIONS_ENABLED
Surinder Sund
goodlord at gmail.com
Mon Dec 21 13:46:23 UTC 2020
I'm trying to get NGINX QUIC to work on a fresh install of Ubuntu 20.04.
But I'm getting this error:
**1 SSL_do_handshake() failed (SSL: error:10000118:SSL
routines:OPENSSL_internal:NO_SUPPORTED_VERSIONS_ENABLED)*
Looks like some issue with the way Boringssl is set up, or being used by
Nginx?
HOW I BUILT BORINGSSL
cd boringssl; mkdir build ; cd build ; cmake -GNinja ..
ninja
NGINX DETAILS
*~/nginx-quic# nginx -V*
nginx version: nginx/1.19.6
built by gcc 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --with-debug --with-http_v3_module
--with-cc-opt=-I../boringssl/include
--with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
--with-http_quic_module --with-stream_quic_module
--with-http_image_filter_module --with-http_sub_module --with-stream
--add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx
--sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
--pid-path=/var/run/nginx.pid
HOW I BUILT NGINX QUIC:
cd ~/nginx-quic ;
./auto/configure --with-debug --with-http_v3_module \
--with-cc-opt="-I../boringssl/include" \
--with-ld-opt="-L../boringssl/build/ssl \
-L../boringssl/build/crypto" \
--with-http_quic_module --with-stream_quic_module
--with-http_image_filter_module --with-http_sub_module --with-stream
--add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx
--sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid
MY NGINX BUILD CONFIGURATION SUMMARY:
Configuration summary
+ using system PCRE library
+ using system OpenSSL library
+ using system zlib library
nginx path prefix: "/etc/nginx"
nginx binary file: "/usr/sbin/nginx"
nginx modules path: "/usr/lib/nginx/modules"
nginx configuration prefix: "/etc/nginx"
nginx configuration file: "/etc/nginx/nginx.conf"
nginx pid file: "/var/run/nginx.pid"
nginx error log file: "/var/log/nginx/error.log"
nginx http access log file: "/etc/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
MY SITE CONFIGURATION
listen 80;
listen [::]:80;
listen 443 ssl http2 fastopen=150;
listen [::]:443 ipv6only=on ssl fastopen=150;
include snippets/ssl-params.conf;
server_name blah.blah;
root /var/wordpress;
index index.html index.htm index.php;
access_log /var/log/nginx/xx.log;
error_log /var/log/nginx/xx-error_log;
ssl_early_data on;
listen 443 http3 reuseport;
listen [::]:443 http3 reuseport;
add_header Alt-Svc '$http3=":8443"; ma=86400';
*in nginx.conf I've added this:*
ssl_protocols TLSv1.3; #disabled 1.1 & 1.2
UDP is open on port 441, I've double checked this from the outside. So it's
not a port issue.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20201221/eb1bde3c/attachment.htm>
More information about the nginx-devel
mailing list