Copie -> FRsAG On 28/05/2021 07:23, Stephane Bortzmeyer wrote:
> Les quatre RFC sur QUIC viennent d'être publiés. Ce nouveau protocole > de transport, concurrent de TCP, pourrait bien devenir le transport > majoritaire sur l'Internet, et changer certaines choses (par exemple, > la mécanique de la couche transport est désormais chiffrée et n'est > plus visible par un observateur indiscret, ce qui fera peut-être râler > certains). > > https://www.bortzmeyer.org/quic.html On peut tester avec nginx-quic qui utilise boringssl. https://quic.nginx.org/ https://boringssl.googlesource.com/boringssl/ JFB PS Testé avec Debian 10 (on peut se passer de ngx-fancyindex et de nginx-ct-master) : ### boringssl # https://boringssl.googlesource.com/boringssl/ cd /usr/src git clone https://boringssl.googlesource.com/boringssl cd boringssl mkdir build cd build cmake .. make ### nginx-quic # https://quic.nginx.org/ # https://hg.nginx.org/nginx-quic/shortlog/quic cd /usr/src hg clone -b quic https://hg.nginx.org/nginx-quic cd nginx-quic # README ./auto/configure --with-debug --with-http_v3_module \ --with-cc-opt="-I../boringssl/include" \ --with-ld-opt="-L../boringssl/build/ssl -L../boringssl/build/crypto" \ --prefix=/usr/local/nginx-quic \ --with-http_ssl_module --with-http_v2_module \ --with-http_stub_status_module --with-http_gzip_static_module \ --with-http_geoip_module \ --with-openssl-opt=no-shared \ --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module \ --add-dynamic-module=/usr/src/nginx-ct-master --add-module=../ngx-fancyindex \ --user=www-data --group=www-data make make install ### /usr/local/nginx-quic/conf/nginx.conf # (1) events {} http { log_format quic '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" "$quic" "$http3"'; access_log logs/access.log quic; server { # for better compatibility it's recommended # to use the same port for quic and https listen 443 http3 reuseport; listen 443 ssl; ssl_certificate fullchain.pem; ssl_certificate_key privkey.pem; ssl_protocols TLSv1.3; location / { # required for browsers to direct them into quic port add_header Alt-Svc '$http3=":443"; ma=86400'; add_header QUIC-Status $quic; root /var/www/html/; index index.html index.htm; } } } -- __ _ .-.' `; `-._ __ _ (_, .-:' `; `-._ ,'o"( (_, ) (__,-' ,'o"( )> ( (__,-' ) `-'._.--._( ) ||| |||`-'._.--._.-' ||| ||| (Bob Allison) _______________________________________________ Liste de diffusion du FRsAG http://www.frsag.org/