Здравствуйте, Роман. Все тесты проводил на внутри одной локальной сети, потери по UDP протоколу маловероятны. Лог удачного и неудачного запроса: * Trying 192.168.0.21:443... * Trying 192.168.0.21:443... * Connected to example.com (192.168.0.21) port 443 (#0) * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * subjectAltName: host "example.com" matched cert's "example.com" * Verified certificate just fine * Connected to example.com (192.168.0.21) port 443 (#0) * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS alert, close notify (256): * using HTTP/3 * h2h3 [:method: HEAD] * h2h3 [:path: /] * h2h3 [:scheme: https] * h2h3 [:authority: example.com] * h2h3 [user-agent: curl/8.0.1] * h2h3 [accept: */*] * Using HTTP/3 Stream ID: 0 (easy handle 0x1152ed0) > HEAD / HTTP/3 > Host: example.com > user-agent: curl/8.0.1 > accept: */* > < HTTP/3 403 HTTP/3 403 < server: nginx/1.23.4 server: nginx/1.23.4 < date: Mon, 10 Apr 2023 16:28:29 GMT date: Mon, 10 Apr 2023 16:28:29 GMT < content-type: text/html content-type: text/html < content-length: 153 content-length: 153
< * Connection #0 to host example.com left intact * Trying 192.168.0.21:443... * Trying 192.168.0.21:443... * Connected to example.com (192.168.0.21) port 443 (#0) * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN: server accepted h2 * Server certificate: * subject: CN=example.com * start date: Mar 6 17:57:46 2023 GMT * expire date: Apr 5 17:57:46 2025 GMT * subjectAltName: host "example.com" matched cert's "example.com" * issuer: CN=minica root ca 283035 * SSL certificate verify ok. * using HTTP/2 * h2h3 [:method: HEAD] * h2h3 [:path: /] * h2h3 [:scheme: https] * h2h3 [:authority: example.com] * h2h3 [user-agent: curl/8.0.1] * h2h3 [accept: */*] * Using Stream ID: 1 (easy handle 0x1ae6ed0) > HEAD / HTTP/2 > Host: example.com > user-agent: curl/8.0.1 > accept: */* > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing < HTTP/2 403 HTTP/2 403 < server: nginx/1.23.4 server: nginx/1.23.4 < date: Mon, 10 Apr 2023 16:28:32 GMT date: Mon, 10 Apr 2023 16:28:32 GMT < content-type: text/html content-type: text/html < content-length: 153 content-length: 153 < * Connection #0 to host example.com left intact Лог с бесконечным запросом: * Trying 192.168.0.21:443... * Trying 192.168.0.21:443... * Connected to example.com (192.168.0.21) port 443 (#0) * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * subjectAltName: host "example.com" matched cert's "example.com" * Verified certificate just fine * Connected to example.com (192.168.0.21) port 443 (#0) * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS alert, close notify (256): * using HTTP/3 * h2h3 [:method: HEAD] * h2h3 [:path: /] * h2h3 [:scheme: https] * h2h3 [:authority: example.com] * h2h3 [user-agent: curl/8.0.1] * h2h3 [accept: */*] * Using HTTP/3 Stream ID: 0 (easy handle 0x18f6ed0) > HEAD / HTTP/3 > Host: example.com > user-agent: curl/8.0.1 > accept: */* > * ngtcp2_conn_writev_stream returned error: ERR_DRAINING * ngtcp2_conn_writev_stream returned error: ERR_DRAINING * ngtcp2_conn_writev_stream returned error: ERR_DRAINING * ngtcp2_conn_writev_stream returned error: ERR_DRAINING * ngtcp2_conn_writev_stream returned error: ERR_DRAINING * ngtcp2_conn_writev_stream returned error: ERR_DRAINING -- С уважением, Izorkin mailto:izor...@gmail.com _______________________________________________ nginx-ru mailing list nginx-ru@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-ru