I am experimenting with enabling HTTP/3 support on my webserver. In my specific setup, it will not be possible to use UDP port 443, since I have different websites hosted by different webservers on the same public IP address, and I am not aware of any reverse proxy that supports TLS passthrough for HTTP/3.
I have enabled HTTP/3 on port 44113. The service is advertised using the HTTP header Alt-Svc: h3=":44113"; ma=2592000,h3-29=":44113"; ma=2592000. Firefox successfully recognizes the service and makes any subsequent requests using HTTP/3. However, Chrome sticks with HTTP/2. When I temporarily moved HTTP/3 to port 443, it suddenly worked in Chrome as well.
Is this behaviour documented anywhere? Are there any cases in which HTTP/3 works over another port than 443 in Chrome?
As answered on the chromium-discuss mailing list, Chromium supports HTTP/3 only on UDP ports < 1024.
The reason can be found in the source code:
Some shared unix systems may have user home directories (like
http://example.com/~mike) which allow users to emit headers. This is a bad idea already, but with Alternate-Protocol, it provides the ability for a single user on a multi-user system to hijack the alternate protocol. These systems also enforce ports <1024 as restricted ports. So don't allow protocol upgrades to user-controllable ports.