Hi Julian, On Tue, May 06, 2025 at 05:43:28PM +0300, Julian Wiesener wrote: > Hi, > > as i'm working on VTest HTTP/3, this discussion is of particular intrest to > me.
Oh that's cool! > Still WIP, i have not shared any code, thus i assume most of you are not > aware of my efforts, so thanks for considering my opinion. > > I used ngtcp2/nghttp3 and implemented the needed VUDP* equalents for what is > VTCP* in Varnish as well as its VTest copy (see lib/vtcp.h). > To me it would make much sense to have it in a shared library, basically the > "varnish-lib" idea. > Of course it would mean, that it would be OK, to have (at least optional) > dependencies on ngtcp2, nghttp3 and a SSL Library*. > IIRC HAproxy already have an other HTTP/3 implementation, so i would assume > they would not be intrested, in using "varnish-lib" outside of VTest, > but there might still be room for collaboration in the future. We do indeed have out own H3/QUIC implementation, but it's independent on vtest. For us, vtest is a totally standalone tool. We simply update it from time to time. Also it totally makes sense to me to use ngtcp2 and nghttp3 for vtest, because these libs are widely used and generally considered as a reference implementation, something that vtest would definitely benefit from. > For Varnish, i think it would make sense to use the poposed lib for HTTP/3, i > would keep the server init (TLS Key reading etc.) out of the shared lib, so > Varnish can still use other means (keyless). I can't speak for that part :-) > * ATM i use WolfSSL as my OS comes with a LibreSSL without Quic support, > however, new enough OpenSSL, its derivates and GNUtls can be used with ngtcp2 You may want to have a look at aws-lc. It's really cool. It's a fork of BoringSSL but with a stable API. As such, it's compatible with the openssl API, and supports QUIC via the de-facto standard API that all libs now support, and is fast. Plus it builds easily and relatively quickly (not as fast as wolfssl though). On the other hand, wolfssl is so light and builds so fast that it can also be a source dependency for the vtest project. One just needs to make sure to properly configure it for the local machine. Hoping this helps, Willy _______________________________________________ varnish-dev mailing list varnish-dev@varnish-cache.org https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
