Clients fail to connect via HTTP3 over QUIC
David Hu
me at davidte.ch
Mon Feb 21 21:43:38 UTC 2022
I have compiled the latest master branch of nginx-quic with these options:
nginx version: nginx/1.21.7 (8861:b5c87e0e57ef)
built with OpenSSL 3.0.1+quic 14 Dec 2021
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --build=8861:b5c87e0e57ef
--with-debug --with-http_ssl_module --with-http_v2_module
--with-stream_quic_module --with-http_v3_module
--with-cc-opt='-I/usr/local/include/openssl -O0 -DNGX_HTTP_V3_HQ=1'
--with-ld-opt=-L/usr/local/lib64
and OpenSSL version (quictls):
OpenSSL 3.0.1+quic 14 Dec 2021 (Library: OpenSSL 3.0.1+quic 14 Dec 2021)
built on: Sun Feb 20 01:43:12 2022 UTC
platform: linux-x86_64
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC
-DOPENSSL_BUILDING_OPENSSL -DNDEBUG -DOPENSSL_TLS_SECURITY_LEVEL=2
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/lib64/engines-81.3"
MODULESDIR: "/usr/local/lib64/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfff83203078bffff:0x4219c01ab
And my nginx config file http block looks like this:
[redacted sensitive configs]
http {
[redacted some configs]
quic_retry on;
http3_push on;
http3_hq on;
}
However clients cannot cannot to my server either through H3 or HQ anymore
Wireshark shows handshake failure
CONNECTION_CLOSE (Transport) Error code: CRYPTO_ERROR (No application
Protocol)
Frame Type: CONNECTION_CLOSE (Transport) (0x000000000000001c)
Error code: CRYPTO_ERROR (376)
TLS Alert Description: No application Protocol (120)
Frame Type: 0
Reason phrase Length: 16
Reason phrase: handshake failed
How am I supposed to solve this?
More information about the nginx-devel
mailing list