[nginx-quic]

Lucas Cuminato lcuminato at gmail.com
Mon Jun 14 16:43:58 UTC 2021


Hi, Vladimir, thanks for replying.

I'm not using any protocol over QUIC, just using QUIC to send/receive raw
data to/from my application and the server, and having nginx proxy it to a
TCP server.
I do have a proxy_pass configured in my setup. I just omitted for
simplicity.

R,
Lucas.


On Mon, Jun 14, 2021 at 11:35 AM Vladimir Homutov <vl at nginx.com> wrote:

> 14.06.2021 18:08, Lucas Cuminato пишет:
> > Hello,
> >
> > Not sure If this is a bug in nginx-quic or if I'm not configuring
> > it correctly but when trying to use nginx-quic with the following
> settings.
> >
> > stream {
> >      server {
> >          listen 5555 quic reuseport;
> >          ssl_session_cache off;
> >          ssl_client_certificate ca.pem
> >          ssl_verify_client on;
> >          ssl_session_tickets off;
> >          ssl_certificate         cert.pem
> >          ssl_certificate_key    key.pem;
> >          ssl_protocols       TLSv1.3;
> >      }
> > }
> >
> > and using a standalone application that uses ngtcp2 to try to connect to
> > nginx-quic, I get a TLS alert saying that "No application protocol".
> > I've tracked this down and it seems like nginx-quic is not setting any
> > ALPN for the SSL context when using QUIC as a stream (in
> > ngx_stream_ssl_module.c).
> > It does it set it when using QUIC as HTTP (in ngx_http_ssl_module.c).
> > Now, I believe ALPN is mandatory for QUIC according to the
> > QUIC-TRANSPORT draft, so this might be a bug.
> > By copying the code done in ngx_http_ssl_module.c for setting the ALPN
> > and using it in ngx_stream_ssl_module.c, I was able to make my
> > standalone app connect and transfer data, but not sure
> > if this is the right fix.
> >
> > R,
> > Lucas.
> >
> Hello,
> this is expected with stream module.
> ALPN is required, but is not clear what protocol (http3? other protocol
> over quic?) is going to be used.
> Can you please elaborate your use case? What are you going to achieve?
> Also, the suggested configuration is not going to work, since you don't
> have any content handling module (i.e. proxy_pass or return).
>
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20210614/16c10035/attachment.htm>


More information about the nginx-devel mailing list