I have been trying for days. Tried compiling with different SSL libraries but QUIC still doesn't work. HAProxy doesn't start unless I put "limited-quic" in the global section. I don't see any UDP traffic and no h3 protocol in the browser's inspection. Here is the output of haproxy -vv:
Build options :
TARGET = linux-glibc
CC = cc
CFLAGS = -O2 -g -fwrapv
OPTIONS = USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1 USE_QUIC=1 USE_PROMEX=1 USE_PCRE2=1 USE_PCRE2_JIT=1
DEBUG =
Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE -LIBATOMIC +LIBCRYPT +LINUX_CAP +LINUX_SPLICE +LINUX_TPROXY +LUA +MATH -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OPENSSL_AWSLC -OPENSSL_WOLFSSL -OT -PCRE +PCRE2 +PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL +PROMEX -PTHREAD_EMULATION +QUIC -QUIC_OPENSSL_COMPAT +RT +SHM_OPEN +SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL -ZLIB
Built with OpenSSL version : OpenSSL 1.1.1w+quic 11 Sep 2023
Running on OpenSSL version : OpenSSL 1.1.1w+quic 11 Sep 2023
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.6
Built with the Prometheus exporter as a service
Built with network namespace support.
Built with libslz for stateless compression.
HAProxy config:
bind *:443 ssl crt /etc/haproxy/certs/mycert.pem alpn h2,http/1.1
bind quic4@:443 ssl strict-sni crt /etc/haproxy/certs/mycert.pem alpn h3
http-after-response add-header alt-svc 'h3=":443"; ma=86400; persist=1'
In HAProxy log:
Binding [/etc/haproxy/haproxy.cfg:59] for frontend appnodes: this SSL library does not support the QUIC protocol. A limited compatibility layer may be enabled using the "limited-quic" global option if desired.
This was the same case prior to using the OpenSSL 1.1.1w+quic library.
What am I doing wrong?