fmaury/seirdy.one
1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-10 00:12:09 +00:00
Code Issues Projects Releases Wiki Activity
seirdy.one/content/notes/openssl-and-quic.md
Rohan Kumar df61b3f3f8
formatting
2022-10-24 18:11:01 -07:00

1.2 KiB
Raw Blame History

title date
OpenSSL and QUIC 2022-10-24T18:01:26-07:00

A rough timeline of QUIC support in OpenSSL-like libraries:

  1. BoringSSL implements QUIC.

  2. Quiche, a QUIC library, requires BoringSSL. Nginx can be patched to use Quiche for HTTP/3.

  3. Nginx's experimental QUIC branch (nginx-quic) is released. It requires BoringSSL.

  4. Some organizations (mostly Akamai) fork OpenSSL to implement the BoringSSL QUIC API, calling their fork QuicTLS. They plan to upstream changes.

  5. nginx-quic supports building with QuicTLS too.

  6. OpenSSL decides against the BoringSSL API and declines QuicTLS patches, preferring to write their own incompatible implementation.

  7. LibreSSL implements the BoringSSL QUIC API.

  8. nginx-quic can link against LibreSSL as well as BoringSSL and QuicTLS; they all use similar APIs.

(I believe wolfSSL is mostly compatible with the BoringSSL QUIC API, but I might be wrong.)

Developers will have a harder time supporting multiple TLS implementations, hurting the viability of e.g. LibreSSL-based distributions.