NGINX-QUIC: OPENSSL_internal:NO_SUPPORTED_VERSIONS_ENABLED
Surinder Sund
goodlord at gmail.com
Mon Dec 21 14:41:34 UTC 2020
forgot to add that this affects only http3 requests [I've tested from more
than one machine and multiple clients, including cURL and FF]
http2 request work fine with no change in configuration.
On Mon, Dec 21, 2020 at 7:16 PM Surinder Sund <goodlord at gmail.com> wrote:
> I'm trying to get NGINX QUIC to work on a fresh install of Ubuntu 20.04.
>
> But I'm getting this error:
>
> **1 SSL_do_handshake() failed (SSL: error:10000118:SSL
> routines:OPENSSL_internal:NO_SUPPORTED_VERSIONS_ENABLED)*
>
> Looks like some issue with the way Boringssl is set up, or being used by
> Nginx?
>
>
> HOW I BUILT BORINGSSL
>
> cd boringssl; mkdir build ; cd build ; cmake -GNinja ..
> ninja
>
> NGINX DETAILS
>
> *~/nginx-quic# nginx -V*
>
> nginx version: nginx/1.19.6
> built by gcc 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)
> built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
> TLS SNI support enabled
> configure arguments: --with-debug --with-http_v3_module
> --with-cc-opt=-I../boringssl/include
> --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
> --with-http_quic_module --with-stream_quic_module
> --with-http_image_filter_module --with-http_sub_module --with-stream
> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx
> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
> --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
> --pid-path=/var/run/nginx.pid
>
>
> HOW I BUILT NGINX QUIC:
>
> cd ~/nginx-quic ;
> ./auto/configure --with-debug --with-http_v3_module \
> --with-cc-opt="-I../boringssl/include" \
> --with-ld-opt="-L../boringssl/build/ssl \
> -L../boringssl/build/crypto" \
> --with-http_quic_module --with-stream_quic_module
> --with-http_image_filter_module --with-http_sub_module --with-stream
> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx
> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
> --conf-path=/etc/nginx/nginx.conf
> --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid
>
>
> MY NGINX BUILD CONFIGURATION SUMMARY:
>
> Configuration summary
> + using system PCRE library
> + using system OpenSSL library
> + using system zlib library
>
> nginx path prefix: "/etc/nginx"
> nginx binary file: "/usr/sbin/nginx"
> nginx modules path: "/usr/lib/nginx/modules"
> nginx configuration prefix: "/etc/nginx"
> nginx configuration file: "/etc/nginx/nginx.conf"
> nginx pid file: "/var/run/nginx.pid"
> nginx error log file: "/var/log/nginx/error.log"
> nginx http access log file: "/etc/nginx/logs/access.log"
> nginx http client request body temporary files: "client_body_temp"
> nginx http proxy temporary files: "proxy_temp"
> nginx http fastcgi temporary files: "fastcgi_temp"
> nginx http uwsgi temporary files: "uwsgi_temp"
> nginx http scgi temporary files: "scgi_temp"
>
>
>
>
> MY SITE CONFIGURATION
>
>
> listen 80;
> listen [::]:80;
> listen 443 ssl http2 fastopen=150;
> listen [::]:443 ipv6only=on ssl fastopen=150;
> include snippets/ssl-params.conf;
> server_name blah.blah;
> root /var/wordpress;
> index index.html index.htm index.php;
> access_log /var/log/nginx/xx.log;
> error_log /var/log/nginx/xx-error_log;
> ssl_early_data on;
> listen 443 http3 reuseport;
> listen [::]:443 http3 reuseport;
> add_header Alt-Svc '$http3=":8443"; ma=86400';
>
>
> *in nginx.conf I've added this:*
>
> ssl_protocols TLSv1.3; #disabled 1.1 & 1.2
>
>
> UDP is open on port 441, I've double checked this from the outside. So
> it's not a port issue.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20201221/609a5165/attachment.htm>
More information about the nginx-devel
mailing list