From 52e0bc5081c3bf617dca952b88fffba4896b9b02 Mon Sep 17 00:00:00 2001
From: Rohan Kumar <seirdy@seirdy.one>
Date: Fri, 26 May 2023 20:57:41 -0700
Subject: [PATCH] Mention that Envoy uses BoringSSL

---
 content/notes/using-boringssl.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/content/notes/using-boringssl.md b/content/notes/using-boringssl.md
index 97ea648..438c6ad 100644
--- a/content/notes/using-boringssl.md
+++ b/content/notes/using-boringssl.md
@@ -21,5 +21,6 @@ Despite BoringSSL's "not intended for general use" warning, it's used by many pr
 - Optionally: Nginx, libcurl
 - <ins datetime="2023-04-24">(Update <time>2023-04-24</time>) [Apple's SwiftNIO SSL](https://github.com/apple/swift-nio-ssl)</ins>
 - <ins datetime="2023-04-24">(Update <time>2023-04-24</time>) [AWS libcrypto](https://github.com/aws/aws-lc) is based on BoringSSL</ins>
+- <ins datetime="2023-05-26">(Update <time>2023-05-26</time>) the Envoy proxy [uses BoringSSL](https://www.envoyproxy.io/docs/envoy/latest/faq/build/boringssl)</ins>
 
 I use nginx-quic with BoringSSL without issue, although I did have to use [a separate script](https://github.com/tomwassenberg/certbot-ocsp-fetcher) to manage the OCSP cache. The script manages the cache better than Nginx ever did, so I recommend it; it should be trivial to switch it from OpenSSL to LibreSSL.