openresty
ssl_client_hello_by_lua_block could not connect redis when I use http3
I am trying to connect redis in a ssl_client_hello_by_lua_block when the client use http3/quic protocol, but failed with error message: SSL_do_handshake() failed while loading SSL client hello by lua. However, Http2 and Http1.1 do not have such errors.
like this
ssl_client_hello_by_lua_block {
local redis = require "resty.redis"
local red = redis:new()
red:set_timeout(1000) -- 1 sec
local ok, err = red:connect("127.0.0.1", 6379)
local https_data = red:get("test.abc.com")
}
When I access using the Http3 protocol, an error is reported.
./curl --http3-only -k -vos https://test.abc.com:443/test
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Host test.abc.com:443 was resolved.
* IPv6: (none)
* IPv4: 172.24.190.170
* Trying 172.24.190.170:443...
* QUIC connection has been shut down
* QUIC connect to 172.24.190.170 port 443 failed: Could not connect to server
* Failed to connect to test.abc.com port 443 after 1 ms: Could not connect to server
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* closing connection #0
curl: (7) QUIC connection has been shut down
error message:
2024/12/28 15:18:26 [error] 4812#0: *3047 SSL_do_handshake() failed while loading SSL client hello by lua, client: 172.24.190.170, server: 0.0.0.0:443
nginx version: openresty/1.25.3.2 built by gcc 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) built with OpenSSL 1.1.1w 11 Sep 2023 TLS SNI support enabled
hi @wuxiekeji-1 I also encountered the same problem. Is there any progress here?
fixed in https://github.com/openresty/openresty/pull/1063, let's wait for openresty next patch release.
fixed in openresty/openresty#1063, let's wait for openresty next patch release.
When will this bug be released in the official version?