OpenSSL 3.3, and moving the QUIC API to a separate project? #124

tmshort · 2023-07-05T15:22:42Z

tmshort
Jul 5, 2023
Maintainer

I was speaking with Matt Caswell of OpenSSL, and he suggested that with the new pluggable record-layer features of OpenSSL 3.2, that it might be possible to implement the QUIC API that way, eventually moving the code to a Provider (once the pluggable interface is available in the Provider API in 3.3?). This would mean that vanilla OpenSSL 3.2 or 3.3 (?) could be used with a separate QUIC interface. Internal OpenSSL header files might be required, so there would still be a version dependency on the built (binary) code, but not necessarily the source code.

This could be done in parallel with the existing QUIC repo; it wouldn't impact that development.

talregev · 2023-11-15T05:40:42Z

talregev
Nov 15, 2023

This is similar to my suggestion to convert quic tls to library on top of open ssl, and install it along side.
It Also can be installed in vcpkg that way and get to more people. (and enable the http3 protocol in many libraries).
So I am support this way.

0 replies

wbl · 2023-11-15T06:26:36Z

wbl
Nov 15, 2023
Maintainer

I'm worried that the performance characteristics of the pluggable record layer might be prohibitive. We've seen pretty bad designs come out of OpenSSL in the past favoring extreme late binding over performance. If the interface is designed for their QUIC implementation it might work out, and if this something they are going to support it could really help, although would bring slightly different packaging.

2 replies

nibanks Nov 15, 2023
Maintainer

MsQuic has extensive performance tests and if such a chance is made, we can use it to validate performance.

tmshort Nov 17, 2023
Maintainer Author

This was designed explicitly for their QUIC support. We would use it for the downstream data send and receive.

talregev · 2023-11-15T06:33:10Z

talregev
Nov 15, 2023

You should talk with openssl and share your thoughts.

0 replies

talregev · 2023-12-02T22:39:17Z

talregev
Dec 2, 2023

When you implement quic API over pluggable record-layer features of OpenSSL (3.2 or 3.3), Can you open a new repo. for example quictls for the new code there?

0 replies

richsalz · 2024-10-29T17:57:36Z

richsalz
Oct 29, 2024
Maintainer

We are moving ahead with our quictls/quictls fork, which is (now) based on openssl 3.3
We've had discussions with the openssl team, and their response (private, sorry, cannot share), woudl require too much work for no gain.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OpenSSL 3.3, and moving the QUIC API to a separate project? #124

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 5 comments 2 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

OpenSSL 3.3, and moving the QUIC API to a separate project? #124

tmshort Jul 5, 2023 Maintainer

Replies: 5 comments · 2 replies

talregev Nov 15, 2023

wbl Nov 15, 2023 Maintainer

nibanks Nov 15, 2023 Maintainer

tmshort Nov 17, 2023 Maintainer Author

talregev Nov 15, 2023

talregev Dec 2, 2023

richsalz Oct 29, 2024 Maintainer

tmshort
Jul 5, 2023
Maintainer

Replies: 5 comments 2 replies

talregev
Nov 15, 2023

wbl
Nov 15, 2023
Maintainer

nibanks Nov 15, 2023
Maintainer

tmshort Nov 17, 2023
Maintainer Author

talregev
Nov 15, 2023

talregev
Dec 2, 2023

richsalz
Oct 29, 2024
Maintainer