Opened 5 weeks ago

Last modified 5 weeks ago

#2641 new defect

Q:Does NGINX QUIC Support KTLS?

Reported by: Karthikdasari0423@… Owned by:
Priority: trivial Milestone:
Component: http/3 Version: 1.25.x
Keywords: Cc:
uname -a: Linux ubuntu 5.15.0-107-generic #117-Ubuntu SMP Fri Apr 26 12:26:49 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.25.5
built by gcc 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
built with OpenSSL 3.0.13 30 Jan 2024
TLS SNI support enabled
configure arguments: --with-debug --prefix=/usr/local --conf-path=/usr/local/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-openssl=../openssl-3.0.13 --with-openssl-opt=enable-ktls --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' --with-http_v3_module

Description

I configured my nginx to port 8443 which supports both quic and h2.
When i tried downloading file using quic, nginx seems to be not using quic while h2 i using KTLS
Am i missing anything here?

Change History (1)

comment:1 by Karthikdasari0423@…, 5 weeks ago

This is with h2
`

  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

{ [249 bytes data]

  • old SSL session ID is stale, removing
  • Request completely sent off

{ [5 bytes data]
< HTTP/2 200
< server: nginx/1.25.5
< date: Fri, 17 May 2024 17:33:50 GMT
< content-type: application/pdf
< content-length: 30182355
< last-modified: Fri, 17 May 2024 07:35:03 GMT
< etag: "664708a7-1cc8bd3"
< alt-svc: h3=":8443"; ma=86400
< x-protocol: HTTP/2.0
< accept-ranges: bytes
<
} [5 bytes data]
############################# 23.3%C
root@ubuntu:~# grep BIO /var/log/nginx/error.log
2024/05/17 17:33:50 [debug] 141978#141978: *1 BIO_get_ktls_send(): 1
root@ubuntu:~#
root@ubuntu:~# grep SSL_sendfile /var/log/nginx/error.log
2024/05/17 17:33:50 [debug] 141978#141978: *1 SSL_sendfile: 8192
2024/05/17 17:33:50 [debug] 141978#141978: *1 SSL_sendfile: 8192
2024/05/17 17:33:50 [debug] 141978#141978: *1 SSL_sendfile: 8192
`
Below is with h3
As we can see File started downloading but not with KTLS
`

  • Request completely sent off
  • old SSL session ID is stale, removing

< HTTP/3 200
< server: nginx/1.25.5
< date: Fri, 17 May 2024 17:35:00 GMT
< content-type: application/pdf
< content-length: 30182355
< last-modified: Fri, 17 May 2024 07:35:03 GMT
< etag: "664708a7-1cc8bd3"
< alt-svc: h3=":8443"; ma=86400
< x-protocol: HTTP/3.0
< accept-ranges: bytes
<
{ [415 bytes data]
########################## 21.3%C
root@ubuntu:~# grep BIO /var/log/nginx/error.log
2024/05/17 17:33:50 [debug] 141978#141978: *1 BIO_get_ktls_send(): 1
root@ubuntu:~#
`

Note: See TracTickets for help on using tickets.