Hello, Haproxy users,
does anybody here use Haproxy with HTTP/3 QUIC? Do you see occasional NS_ERROR_NET_INTERRUPT errors in Firefox?
Since I moved my systems from IPVS kernel-based load balancing to Haproxy and enabled H3/QUIC, some users of my systems complain that from time to time they get “Secure connection error” from my server. As far as I can see there is nothing relevant to these failed requests in Haproxy logs. Also it is not easy to reproduce, I was not able to reproduce the problem on some of my systems at all. On some other systems, though, it is pretty easy to reproduce - just repeatedly hit the Reload button in the browser until it appears.
Some details:
- it happens only in Firefox, not in Chrome
- the problem can be observed at least with haproxy 2.9 and 3.0
- I tried to compile Haproxy against the latest QuicTLS release and against OpenSSL 3.3 with limited QUIC support, the problem is still there.
- the problem can be seen both on Linux and Windows clients
- in the developer tools in Firefox (press [F12]), the failed request has NS_ERROR_NET_INTERRUPT status
- disabling H3 in Haproxy configuration altogether makes the problem disappear
According to 1896216 - ns_error_net_interrupt error when accessing l-tike.com this is probably a bug in Firefox HTTP/3 and not in Haproxy, as there are reports about failed requests against Nginx server as well.
So, do you use H3 in Haproxy without any reported problems from Firefox users? If so, which TLS library do you compile Haproxy against?
There are definitely H3 server implementations which work even with Firefox. For example, I was not able to reproduce this against google.com.
Thanks,
-Yenya