Table of Contents

How to enable QUIC on LiteSpeed Web Server

QUIC (or, Quick UDP Internet Connections) is an experimental protocol initially developed by Google in 2012, and announced publicly the following year. QUIC is a good choice for those looking to reduce connection-establishment time and improve congestion control. Since version 5.2, LiteSpeed provides the first production-grade mass-market QUIC implementation available for the public. If you want to serve your web content using the QUIC protocol, LiteSpeed is the solution.

To enable QUIC, there is no configuration change required in LSWS. For control panel users, QUIC is turned on by default for Apache HTTPS vhosts. All that is required is to open UDP port 443.


Firewall Configuration

QUIC runs a stream-multiplexing protocol over Transport Layer Security (TLS) on top of UDP instead of TCP. Be sure you've enabled the port with both TCP and UDP. Most of the time, TCP 443 is enabled.

QUIC itself should auto listen on UDP port 443, but any firewall that is running must be configured so that port 443 is open.

You will need to identify which firewall is running, such as firewalld, iptables, csf, or other external firewalls.

For cPanel, if there is no extra firewall such as CSF, UDP 443 should be enabled by default. If CSF is used, you need to enable it at the CSF level.

For Plesk, if a firewall is activated, you need to enable UDP 443 manually.

For firewalld, you can enable it with the following command:

firewall-cmd --zone=public --add-port=443/udp --permanent
firewall-cmd --reload

For iptables, you can enable it with the following command:

iptables -I INPUT -p udp --dport 443 -j ACCEPT
/sbin/service iptables save
/sbin/service iptables restart

You can quickly check to make sure it is listening by running

netstat -lupn | grep 443
udp        0      0     *                               18918/litespeed (ls 
udp        0      0 x.x.x.x:443 *                               18918/litespeed (ls 
udp        0      0 :::443                      :::*                                    18918/litespeed (ls 

Test UDP Incoming and Outgoing Connection

Although you have enabled UDP on 443 on your server, it may be blocked by the data center at the route/switch/firewall level. To verify this, you can run the following:

Test incoming UDP from outside of your server

To test incoming UDP connections to your server, you can run the following command from somewhere else, such as your local VM, or your other test client machine, but not within your server to be tested:

[root@OLS-PS-EL /]# nc -v -u your_server_ip 443
Ncat: Version 6.40 ( )
Ncat: Connected to your_server_ip:443

test outgoing UDP connections inside your server

To test outgoing UDP connections on your server, you can run the following within your testing server:

nc -v -u 443 
Ncat: Version 6.40 ( )
Ncat: Connected to

How to verify QUIC is enabled

Understanding QUIC


Understanding the Priority of the Settings

QUIC can be enabled or disabled at three different levels. It's important to understand how these settings affect each other.
If QUIC is not explicitly turned off at any level, then priority for enabling QUIC is given at the most specific level: Virtual Host, then Listener, then Server.
If QUIC is explicity turned off at any level, then none of the more specific levels may turn it on. In other words, if QUIC is turned off at the Server level, then it cannot be turned on at the Listener level or at the Virtual Host level.

Put another way:

For a particular Virtual Host, QUIC will be ON if:

For a particular Virtual Host, QUIC will be OFF if:

Here is an example setup:

QUIC Directives