0

I run Jetty 12.1.4 demo according to instruction: https://jetty.org/docs/jetty/12.1/operations-guide/begin/index.html including enabling HTT/3 protocol as described at: https://jetty.org/docs/jetty/12.1/operations-guide/protocols/index.html

On console I see that HTTP/3 started:

...
oejs.AbstractConnector:main: Started oejs.ServerConnector@18b30951{SSL, (ssl, alpn, h2, http/1.1)}{0.0.0.0:8443}
oejs.AbstractConnector:main: Started oejs.ServerConnector@22ee7fdc{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
oejqqs.AbstractQuicheServerConnectionFactory:main: HTTP/3+QUIC support is experimental and not suited for production use.

netstat shows that Jetty demo is listening on proper ports: TCP 8433 for HTTP/2 and UDP 8444 to which browser should redirect HTTP/3:

mn:~$ netstat -anp | grep 8443
tcp6       0      0 :::8443                 :::*                    LISTEN      38203/java
mn:~$ netstat -anp | grep 38203
tcp6       0      0 :::8443                 :::*                    LISTEN      38203/java
tcp6       0      0 :::8080                 :::*                    LISTEN      38203/java
udp6       0      0 :::8444                 :::*                                38203/java
unix  2      [ ]         STREAM     CONNECTED     189371   38203/java

At first tried with Jetty test self signed certificate. Browsers warned that this certificate is not trusted. Browsers in debug mode (F12) reported that they receive header:

alt-svc: h3=":8443"

but for all pages the only protocol used was HTTP/2.

For google.com I see that HTTP/2 responses redirecting to HTTP/3 used header:

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

I changed jetty.sslContext.keyStorePath to point to my own, trusted certificate. I disabled test-keystore module from all demo modules. Now browsers trust my certificate but they still use only HTTP/2 protocol.

Environment:

OS: Fedora release 43 (Forty Three)

Java: # java -version

openjdk version "25.0.1" 2025-10-21
OpenJDK Runtime Environment (Red_Hat-25.0.1.0.8-1) (build 25.0.1+8)
OpenJDK 64-Bit Server VM (Red_Hat-25.0.1.0.8-1) (build 25.0.1+8, mixed mode, sharing)

Browsers: Firefox 145.0 and Chrome 142.0.7444.162

How can I check why HTTP/3 is not used? Is it possible from server side? Is it possible from browser side?

EDIT

After reading my question again, and checking everything with browser and nestat I see that netstat reports UDP 8444:

netstat -anp | grep java | grep 44
tcp6       0  0 :::8443  :::*      LISTEN      40911/java          
udp6       0  0 :::8444  :::*                  40911/java

but in response headers there is 8443:

alt-svc:    h3=":8443"

Isn't it a mistake? Shouldn't it point to UDP port 8444 as explained at: https://http3-explained.haxx.se/en/h3/h3-altsvc ?

EDIT2

I changed both ports to 433:

[root@stresstest ~]# netstat -anp | grep java
tcp6   0   0 :::443     :::* LISTEN      1661248/java
tcp6   0   0 :::9080    :::* LISTEN      1661248/java
udp6   0   0 :::443     :::*        1661248/java
unix  2      [ ]         STREAM     CONNECTED     66730697 1661248/java

In browser debug I see proper response headers:

alt-svc: h3=":443"

but none of my browser changed protocol from HTTP/2 to HTTP/3.

Improve this question
5
  • 1
    Please see this answer Commented Nov 14 at 10:16
  • @sbordet thank you, can you have a look at edited part of the question with UDP port 8444 and alt-svc header pointing at 8443? Commented Nov 14 at 12:19
  • 1
    If you're using non-standard ports, likely browsers won't even attempt HTTP/3. I also don't think that browsers will like the fact that you are using different ports for HTTP/2 and HTTP/3. About the port mismatch, please file an issue here. Commented Nov 14 at 20:20
  • @sbordet see EDIT2 of my question. I set both ports to 443 and response header looks good, but browsers use only HTTP/2 :-( Commented Nov 17 at 13:22
  • As I said in the linked answer, browsers seem to have a secret sauce that we could not figure out. If you try with a command line client like curl or Jetty's HttpClient, does it work? Have you tried using private/incognito mode, clear browser caches, etc. to rule out that the site has been blacklisted due to previous failed attempts? Commented Nov 18 at 7:48
Related questions
5
Why my browser does not use HTTP/3 with my server?
0
run Jetty with SPDY out-of-the-box
0
Enabling HTTPS support on micronaut with Jetty not working as expected
Load 4 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.