Clients fail to connect via HTTP3 over QUIC

David Hu me at davidte.ch
Mon Feb 21 21:43:38 UTC 2022


I have compiled the latest master branch of nginx-quic with these options:

nginx version: nginx/1.21.7 (8861:b5c87e0e57ef)
built with OpenSSL 3.0.1+quic 14 Dec 2021
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --build=8861:b5c87e0e57ef 
--with-debug --with-http_ssl_module --with-http_v2_module 
--with-stream_quic_module --with-http_v3_module 
--with-cc-opt='-I/usr/local/include/openssl -O0 -DNGX_HTTP_V3_HQ=1' 
--with-ld-opt=-L/usr/local/lib64

and OpenSSL version (quictls):
OpenSSL 3.0.1+quic 14 Dec 2021 (Library: OpenSSL 3.0.1+quic 14 Dec 2021)
built on: Sun Feb 20 01:43:12 2022 UTC
platform: linux-x86_64
options:  bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC 
-DOPENSSL_BUILDING_OPENSSL -DNDEBUG -DOPENSSL_TLS_SECURITY_LEVEL=2
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/lib64/engines-81.3"
MODULESDIR: "/usr/local/lib64/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfff83203078bffff:0x4219c01ab


And my nginx config file http block looks like this:
[redacted sensitive configs]
http {
     [redacted some configs]
     quic_retry on;
     http3_push on;
     http3_hq on;
}

However, clients cannot connect to my server through either H3 or HQ anymore.

Wireshark shows handshake failure
CONNECTION_CLOSE (Transport) Error code: CRYPTO_ERROR (No application 
Protocol)
     Frame Type: CONNECTION_CLOSE (Transport) (0x000000000000001c)
     Error code: CRYPTO_ERROR (376)
     TLS Alert Description: No application Protocol (120)
     Frame Type: 0
     Reason phrase Length: 16
     Reason phrase: handshake failed


How am I supposed to solve this?


