Open Bug 1875718 Opened 8 months ago Updated 1 month ago

HTTP/3-only websites cannot be accessed

Categories

(Core :: Networking, defect, P3)

Product:
Core
Component:
Networking
Version:
Firefox 121
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: shambles_09, Unassigned)

References

(Depends on 1 open bug)

Details

(Whiteboard: [necko-triaged])

Steps to reproduce:

  1. Flush operating system's DNS cache.
  2. Open a new private tab. Not strictly necessary but helps with cookies and browser cache.
  3. Open the developer console and select to persist logs as well as disable cache.
  4. Open wireshark and set the filter to dns so that all DNS messages can be seen.
  5. Navigate to https://www.cloudflare.com/

Actual results:

No HTTPS RR is queried thus the initial request is HTTP/2 instead of HTTP/3.

Expected results:

HTTPS RR should be queried so that the ALPN field can be retrieved. From this field the browser would be able to know whether HTTP/3 is supported and begin a HTTP/3 connection instead of having to start with HTTP/2 or 1.1 and then switch after receiving the Alt-Svc header.

This breaks for servers which only use HTTP/3.

Seen with Firefox v120.

You can verify that www.cloudflare.com has a valid HTTPS RR by running:

dig www.cloudflare.com HTTPS

which gives the result:

www.cloudflare.com. 31 IN HTTPS 1 . alpn="h3,h2" ipv4hint=... ipv6hint=...

The Bugbug bot thinks this bug should belong to the 'Core::Networking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Networking
Product: Firefox → Core
Summary: HTTPS RR is not queried and alpn parameter is not used → HTTP/3-only websites cannot be accessed
Regressions: 1721132

This isn't really regressed by bug 1721132 - so I moved that one to see also.

The problem here is that HTTPS records aren't yet supported when DNS over HTTPS is disabled.
Enabling DNS over HTTPS should make it so that the HTTPS record is queried before navigating to the page. Otherwise, the upgrade to HTTP/3 will be done using Alt-Svc header in the response.

This issue should soon be fixed by bug 1852752.
You can try it out in Nightly by setting the network.dns.native_https_query pref to true.

Severity: -- → S3
Depends on: 1852752
Priority: -- → P3
No longer regressions: 1721132
See Also: → 1721132
Whiteboard: [necko-triaged]

The feature is riding the trans in Firefox 127 - see bug 1890999.
It should fix the issue on Windows 11, Linux and Android 10+.

You need to log in before you can comment on or make changes to this bug.