[nginx-quic]
Vladimir Homutov
vl at nginx.com
Mon Jun 14 16:35:06 UTC 2021
14.06.2021 18:08, Lucas Cuminato пишет:
> Hello,
>
> Not sure If this is a bug in nginx-quic or if I'm not configuring
> it correctly but when trying to use nginx-quic with the following settings.
>
> stream {
> server {
> listen 5555 quic reuseport;
> ssl_session_cache off;
> ssl_client_certificate ca.pem
> ssl_verify_client on;
> ssl_session_tickets off;
> ssl_certificate cert.pem
> ssl_certificate_key key.pem;
> ssl_protocols TLSv1.3;
> }
> }
>
> and using a standalone application that uses ngtcp2 to try to connect to
> nginx-quic, I get a TLS alert saying that "No application protocol".
> I've tracked this down and it seems like nginx-quic is not setting any
> ALPN for the SSL context when using QUIC as a stream (in
> ngx_stream_ssl_module.c).
> It does it set it when using QUIC as HTTP (in ngx_http_ssl_module.c).
> Now, I believe ALPN is mandatory for QUIC according to the
> QUIC-TRANSPORT draft, so this might be a bug.
> By copying the code done in ngx_http_ssl_module.c for setting the ALPN
> and using it in ngx_stream_ssl_module.c, I was able to make my
> standalone app connect and transfer data, but not sure
> if this is the right fix.
>
> R,
> Lucas.
>
Hello,
this is expected with stream module.
ALPN is required, but is not clear what protocol (http3? other protocol
over quic?) is going to be used.
Can you please elaborate your use case? What are you going to achieve?
Also, the suggested configuration is not going to work, since you don't
have any content handling module (i.e. proxy_pass or return).
More information about the nginx-devel
mailing list