[nginx-quic]
Lucas Cuminato
lcuminato at gmail.com
Mon Jun 14 15:08:34 UTC 2021
Hello,
Not sure If this is a bug in nginx-quic or if I'm not configuring
it correctly but when trying to use nginx-quic with the following settings.
stream {
server {
listen 5555 quic reuseport;
ssl_session_cache off;
ssl_client_certificate ca.pem
ssl_verify_client on;
ssl_session_tickets off;
ssl_certificate cert.pem
ssl_certificate_key key.pem;
ssl_protocols TLSv1.3;
}
}
and using a standalone application that uses ngtcp2 to try to connect to
nginx-quic, I get a TLS alert saying that "No application protocol".
I've tracked this down and it seems like nginx-quic is not setting any ALPN
for the SSL context when using QUIC as a stream (in
ngx_stream_ssl_module.c).
It does it set it when using QUIC as HTTP (in ngx_http_ssl_module.c). Now,
I believe ALPN is mandatory for QUIC according to the QUIC-TRANSPORT draft,
so this might be a bug.
By copying the code done in ngx_http_ssl_module.c for setting the ALPN and
using it in ngx_stream_ssl_module.c, I was able to make my standalone app
connect and transfer data, but not sure
if this is the right fix.
R,
Lucas.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20210614/1dd4149e/attachment.htm>
More information about the nginx-devel
mailing list