From 73b5d331cc1535da70e4ae3a6bc6859e60684d58 Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Fri, 31 Oct 2025 10:12:55 +0100 Subject: [PATCH] OPTIM: quic: adjust automatic ALPN setting for QUIC servers If a QUIC server is declared without ALPN, "h3" value is automatically set during _srv_parse_finalize(). This patch adjusts this operation. Instead of relying on ssl_sock_parse_alpn(), a plain strdup() is used. This is considered more efficient as the ALPN string is constant in this case. This method is already used for listeners on the frontend side. --- doc/configuration.txt | 4 +++- src/server.c | 11 +++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 55b84b880..32c495098 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -17696,7 +17696,9 @@ alpn delimited list of protocol names, for instance: "http/1.1,http/1.0" (without quotes). This requires that the SSL library is built with support for TLS extensions enabled (check with haproxy -vv). The ALPN extension replaces the - initial NPN extension. ALPN is required to connect to HTTP/2 servers. + initial NPN extension. ALPN is required to connect to HTTP/2 servers. It is + also required to be able to use HTTP/3 via a QUIC server, "h3" serves as a + default value for QUIC servers without "alpn" setting. Versions of OpenSSL prior to 1.0.2 didn't support ALPN and only supposed the now obsolete NPN extension. If both HTTP/2 and HTTP/1.1 are expected to be supported, both versions can diff --git a/src/server.c b/src/server.c index 02980db72..ba0419316 100644 --- a/src/server.c +++ b/src/server.c 
@@ -3935,10 +3935,13 @@ static int _srv_parse_finalize(char **args, int cur_arg,
 ha_warning("QUIC protocol detected, enabling ssl. Use 'ssl' to shut this warning.\n");
 }
- if (!srv->ssl_ctx.alpn_str &&
- ssl_sock_parse_alpn("h3", &srv->ssl_ctx.alpn_str,
- &srv->ssl_ctx.alpn_len, &errmsg) != 0) {
- return ERR_ALERT | ERR_FATAL;
+ if (!srv->ssl_ctx.alpn_str) {
+ srv->ssl_ctx.alpn_str = strdup("\002h3");
+ if (!srv->ssl_ctx.alpn_str) {
+ ha_alert("out of memory while trying to allocate a default alpn string.\n");
+ return ERR_ALERT | ERR_FATAL;
+ }
+ srv->ssl_ctx.alpn_len = strlen(srv->ssl_ctx.alpn_str);
 }
 #else
 ha_alert("QUIC protocol selected but support not compiled in (check build options).\n");
-- 
2.47.3
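Review bot: The default ALPN literal in the added `strdup("\002h3")` line is in TLS wire format (a length byte followed by the protocol name), and `alpn_len` is then taken with `strlen()`, which is only correct because this encoded list happens to contain no zero byte. Nothing on the new lines says so, and a later edit to the literal with a mismatched length byte would silently advertise a wrong protocol list. I would add a comment above the assignment, `/* ALPN wire format: one length byte, then the name; "\002h3" advertises only "h3" */`, and consider `sizeof("\002h3") - 1` for the length so it does not depend on scanning binary data. `errmsg` was passed to the removed ssl_sock_parse_alpn() call; if that was its only use in _srv_parse_finalize(), whose body extends outside this hunk, it is now unused.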