fmaury/seirdy.one
1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-10 00:12:09 +00:00
Code Issues Projects Releases Wiki Activity

formatting

Browse source
This commit is contained in:
Rohan Kumar 2022-10-24 18:11:01 -07:00
parent a41244f7b1
commit df61b3f3f8
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
content/notes/openssl-and-quic.md
View file

@ -5,12 +5,19 @@ date: 2022-10-24T18:01:26-07:00
A rough timeline of QUIC support in OpenSSL-like libraries: A rough timeline of QUIC support in OpenSSL-like libraries:
1. BoringSSL implements QUIC. 1. BoringSSL implements QUIC.
2. Quiche, a QUIC library, requires BoringSSL. Nginx can be patched to use Quiche for HTTP/3. 2. Quiche, a QUIC library, requires BoringSSL. Nginx can be patched to use Quiche for HTTP/3.
3. Nginx's experimental QUIC branch (nginx-quic) is released. It requires BoringSSL. 3. Nginx's experimental QUIC branch (nginx-quic) is released. It requires BoringSSL.
4. Some organizations (mostly Akamai) fork OpenSSL to implement the BoringSSL QUIC API, calling their fork QuicTLS. They plan to upstream changes. 4. Some organizations (mostly Akamai) fork OpenSSL to implement the BoringSSL QUIC API, calling their fork QuicTLS. They plan to upstream changes.
5. nginx-quic supports building with QuicTLS too. 5. nginx-quic supports building with QuicTLS too.
6. [OpenSSL decides against the BoringSSL API](https://daniel.haxx.se/blog/2021/10/25/the-quic-api-openssl-will-not-provide/) and declines QuicTLS patches, preferring to write their own incompatible implementation. 6. [OpenSSL decides against the BoringSSL API](https://daniel.haxx.se/blog/2021/10/25/the-quic-api-openssl-will-not-provide/) and declines QuicTLS patches, preferring to write their own incompatible implementation.
7. LibreSSL implements the BoringSSL QUIC API. 7. LibreSSL implements the BoringSSL QUIC API.
8. [nginx-quic can link against LibreSSL](https://hg.nginx.org/nginx-quic/rev/79cd6993a3e3) as well as BoringSSL and QuicTLS; they all use similar APIs. 8. [nginx-quic can link against LibreSSL](https://hg.nginx.org/nginx-quic/rev/79cd6993a3e3) as well as BoringSSL and QuicTLS; they all use similar APIs.
(I _believe_ wolfSSL is mostly compatible with the BoringSSL QUIC API, but I might be wrong.) (I _believe_ wolfSSL is mostly compatible with the BoringSSL QUIC API, but I might be wrong.)