Re: most probably next LibreSSL release will come with ... QUIC

2022-09-02 Thread Willy Tarreau
Hi,

On Wed, Aug 31, 2022 at 10:20:42PM +0200, Lukas Tribus wrote:
> Hello,
> 
> 
> wolfSSL has also chosen to use the same API for QUIC:
> 
> https://www.wolfssl.com/wolfssl-quic-support/
> 
> > The wolfSSL QUIC API is aligned with the corresponding APIs in other *SSL
> > libraries, making integration with QUIC protocol stacks easier and
> > protecting investments. This is a departure from past customs where OpenSSL
> > used to drive the design of APIs. However OpenSSL declined to participate
> > and offers no QUIC support for the foreseeable future.
> 
> 
> This is probably less useful for haproxy specifically, given that we
> don't support wolfssl in the first place, but interesting nonetheless.

Definitely, and we're currently having a look at all of this. GnuTLS
also supports QUIC using the same API (at least that's my understanding),
so in the end, OpenSSL will be the *only* mainstream SSL library that
continues to reject it. That obstinacy in not listening to their users
tells a lot about that project's governance and its life expectancy,
and if you factor in the massive performance regression that plagues
distros that ship with 3.0 such as Ubuntu 22, that basically limits its
use cases to command-line certificate generation and maybe SMTP/IMAP
daemons, but the future of the web will clearly be without OpenSSL now.
It's their decision, it's really sad and it negatively impacts all of
the web infrastructure ecosystem, but it's their project. Many of us
implored them to open their ears but there's not much more that can be
done at this point, they've started to plant the nails in the coffin.
We'll need to move on.

Willy



Re: most probably next LibreSSL release will come with ... QUIC

2022-08-31 Thread Lukas Tribus
Hello,


wolfSSL has also chosen to use the same API for QUIC:

https://www.wolfssl.com/wolfssl-quic-support/

> The wolfSSL QUIC API is aligned with the corresponding APIs in other *SSL 
> libraries, making integration with QUIC protocol stacks easier and protecting 
> investments. This is a departure from past customs where OpenSSL used to 
> drive the design of APIs. However OpenSSL declined to participate and offers 
> no QUIC support for the foreseeable future.


This is probably less useful for haproxy specifically, given that we
don't support wolfssl in the first place, but interesting nonetheless.


Lukas

On Wed, 31 Aug 2022 at 15:55, William Lallemand wrote:
>
> On Mon, Aug 29, 2022 at 11:20:29PM +0500, Илья Шипицин wrote:
> > Hello,
> >
> > Provide the remaining QUIC API. · libressl-portable/openbsd@635aa39
> > (github.com)
> > 
> >
> >
>
> That's good to read! It didn't make it to libressl-portable for now but
> we will definitely try it once it's available.
> --
> William Lallemand
>



Re: most probably next LibreSSL release will come with ... QUIC

2022-08-31 Thread William Lallemand
On Mon, Aug 29, 2022 at 11:20:29PM +0500, Илья Шипицин wrote:
> Hello,
> 
> Provide the remaining QUIC API. · libressl-portable/openbsd@635aa39
> (github.com)
> 
> 
> 

That's good to read! It didn't make it to libressl-portable for now but
we will definitely try it once it's available.
-- 
William Lallemand



most probably next LibreSSL release will come with ... QUIC

2022-08-29 Thread Илья Шипицин
Hello,

Provide the remaining QUIC API. · libressl-portable/openbsd@635aa39
(github.com)



Ilya