NGINX-QUIC: OPENSSL_internal:NO_SUPPORTED_VERSIONS_ENABLED
Surinder Sund
goodlord at gmail.com
Tue Dec 22 13:08:25 UTC 2020
Thank you, Jonny.
I fixed that (In fact, I'd fixed it in the trial machine earlier, but when
I restored a backup, it came back in).
Unfortunately, the error still remains.
Pls see the picture below. I can confirm that the traffic is hitting
443/UDP, but nothing is being returned.
https://drive.google.com/file/d/1knHKb_jUcjdY71wCz-w1TG4QupxH9CN3/view?usp=sharing
Looks like no cigar for me yet.
On Mon, Dec 21, 2020 at 10:24 PM Jonny Barnes <jonnybarnes at gmail.com> wrote:
> I think your Alt Svc header should be pointing to port 443, not 8443
>
> On Mon, 21 Dec 2020 at 14:41, Surinder Sund <goodlord at gmail.com> wrote:
>
>> forgot to add that this affects only http3 requests [I've tested from
>> more than one machine and multiple clients, including cURL and FF]
>>
>> http2 requests work fine with no change in configuration.
>>
>> On Mon, Dec 21, 2020 at 7:16 PM Surinder Sund <goodlord at gmail.com> wrote:
>>
>>> I'm trying to get NGINX QUIC to work on a fresh install of Ubuntu 20.04.
>>>
>>> But I'm getting this error:
>>>
>>> **1 SSL_do_handshake() failed (SSL: error:10000118:SSL
>>> routines:OPENSSL_internal:NO_SUPPORTED_VERSIONS_ENABLED)*
>>>
>>> Looks like some issue with the way BoringSSL is set up, or being used by
>>> Nginx?
>>>
>>>
>>> HOW I BUILT BORINGSSL
>>>
>>> cd boringssl; mkdir build ; cd build ; cmake -GNinja ..
>>> ninja
>>>
>>> NGINX DETAILS
>>>
>>> *~/nginx-quic# nginx -V*
>>>
>>> nginx version: nginx/1.19.6
>>> built by gcc 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)
>>> built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
>>> TLS SNI support enabled
>>> configure arguments: --with-debug --with-http_v3_module
>>> --with-cc-opt=-I../boringssl/include
>>> --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
>>> --with-http_quic_module --with-stream_quic_module
>>> --with-http_image_filter_module --with-http_sub_module --with-stream
>>> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx
>>> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
>>> --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
>>> --pid-path=/var/run/nginx.pid
>>>
>>>
>>> HOW I BUILT NGINX QUIC:
>>>
>>> cd ~/nginx-quic ;
>>> ./auto/configure --with-debug --with-http_v3_module \
>>> --with-cc-opt="-I../boringssl/include" \
>>> --with-ld-opt="-L../boringssl/build/ssl \
>>> -L../boringssl/build/crypto" \
>>> --with-http_quic_module --with-stream_quic_module \
>>> --with-http_image_filter_module --with-http_sub_module --with-stream \
>>> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx \
>>> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules \
>>> --conf-path=/etc/nginx/nginx.conf \
>>> --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid
>>>
>>>
>>> MY NGINX BUILD CONFIGURATION SUMMARY:
>>>
>>> Configuration summary
>>> + using system PCRE library
>>> + using system OpenSSL library
>>> + using system zlib library
>>>
>>> nginx path prefix: "/etc/nginx"
>>> nginx binary file: "/usr/sbin/nginx"
>>> nginx modules path: "/usr/lib/nginx/modules"
>>> nginx configuration prefix: "/etc/nginx"
>>> nginx configuration file: "/etc/nginx/nginx.conf"
>>> nginx pid file: "/var/run/nginx.pid"
>>> nginx error log file: "/var/log/nginx/error.log"
>>> nginx http access log file: "/etc/nginx/logs/access.log"
>>> nginx http client request body temporary files: "client_body_temp"
>>> nginx http proxy temporary files: "proxy_temp"
>>> nginx http fastcgi temporary files: "fastcgi_temp"
>>> nginx http uwsgi temporary files: "uwsgi_temp"
>>> nginx http scgi temporary files: "scgi_temp"
>>>
>>>
>>>
>>>
>>> MY SITE CONFIGURATION
>>>
>>>
>>> listen 80;
>>> listen [::]:80;
>>> listen 443 ssl http2 fastopen=150;
>>> listen [::]:443 ipv6only=on ssl fastopen=150;
>>> include snippets/ssl-params.conf;
>>> server_name blah.blah;
>>> root /var/wordpress;
>>> index index.html index.htm index.php;
>>> access_log /var/log/nginx/xx.log;
>>> error_log /var/log/nginx/xx-error_log;
>>> ssl_early_data on;
>>> listen 443 http3 reuseport;
>>> listen [::]:443 http3 reuseport;
>>> add_header Alt-Svc '$http3=":8443"; ma=86400';
>>>
>>>
>>> *in nginx.conf I've added this:*
>>>
>>> ssl_protocols TLSv1.3; #disabled 1.1 & 1.2
>>>
>>>
>>> UDP is open on port 441, I've double checked this from the outside. So
>>> it's not a port issue.
>>>
>>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
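The mismatch raised in the thread (an Alt-Svc header advertising port 8443 while the `http3` listeners are bound to 443) can be checked mechanically. The following is an added example, not part of the original messages or of nginx: a small Python check over a constructed sample modeled on the posted directives; all function names are hypothetical, and the TLSv1.3 check relies on QUIC requiring TLS 1.3.

```python
import re

# Constructed sample modeled on the directives posted in the thread.
SAMPLE = '''
listen 443 ssl http2 fastopen=150;
listen 443 http3 reuseport;
listen [::]:443 http3 reuseport;
add_header Alt-Svc '$http3=":8443"; ma=86400';
ssl_protocols TLSv1.3; #disabled 1.1 & 1.2
'''

def statements(conf):
    # Split into directives; ';' inside quotes and text after '#' are not separators.
    out, buf, quote = [], [], None
    for line in conf.splitlines():
        for c in line:
            if quote or c in "'\"":
                quote = None if c == quote else (quote or c)
                buf.append(c)
            elif c == "#":
                break                  # rest of the line is a comment
            elif c in ";{}":
                out.append("".join(buf).strip())
                buf = []
            else:
                buf.append(c)
        buf.append(" ")                # a line break acts as whitespace
    return [s for s in out if s]

def quic_listen_ports(stmts):
    # The port is whatever follows the last ':' of the address ("443", "[::]:443").
    ports = {p[1].rsplit(":", 1)[-1] for p in map(str.split, stmts)
             if p[0] == "listen" and "http3" in p[2:]}
    return {int(p) for p in ports if p.isdigit()}

def alt_svc_ports(stmts):
    # Extracts the port from values such as '$http3=":8443"; ma=86400'.
    return {int(p) for s in stmts if re.match(r"add_header\s+Alt-Svc\s", s, re.I)
            for p in re.findall(r'="[^":]*:(\d+)"', s)}

def check(conf):
    stmts = statements(conf)
    quic, adv = quic_listen_ports(stmts), alt_svc_ports(stmts)
    findings = [f"Alt-Svc advertises port {p}, but no http3 listener uses it"
                for p in sorted(adv - quic)]
    protos = [s.split()[1:] for s in stmts if s.split()[0] == "ssl_protocols"]
    if quic and protos and "TLSv1.3" not in protos[-1]:
        findings.append("ssl_protocols omits TLSv1.3, which QUIC requires")
    return findings
```

Calling `check(SAMPLE)` reports the 8443 mismatch; with the header changed to `":443"` it returns an empty list.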