Closed adewes closed 1 year ago
Key Update might not be supported, see #1115
Yes I figured that out now @Lekensteyn, seems there's a PR for it. It's a bit of a blocker for me as it causes irrecoverable connection loss once we hit 100.000 packets, so long-lived connections (large downloads) simply cannot work when running against QUIC servers that enforce key updates (e.g. quic-go: https://github.com/lucas-clemente/quic-go/issues/3469).
My solution for now is to patch quic-go to effectively disable key updates, but that's not great of course.
I had the same issue.
I had another QUIC implementation that needed to communicate with quiche
and, because of this bug, I could not have a client-server long-lived connection. So inconvenient.
I've investigated the bug and opened a patch on quiche that implements it, one year ago by now. (Also Note: this is not optional: this should be by a standard implementation).
Patching the "other" implementation to disable key-update is even worse. Key update is there for a (security) reason.
While waiting consideration on my PR, I workarounded my issue by using another cypher-suit for the QUIC my client-server connection (it is in the TLS negotation). TLS 1.3 supports a couple of cypher-suits, and not all of them need AEAD
When sending data through a QUIC stream the connection always fails at the 99.999th packet received, giving me "dropped invalid packet" errors. It seems this is due to a key update initiated by the server (based on
quic-go
). I couldn't figure out how to fix this, is Quiche maybe not handling key updates correctly in this case? I use the following client configuration:Here's the log output leading to the error. After receiving the invalid packets the connection eventually times out. Log entries with name "xxxxxxxxxxxxx" are from my client code.