Hi,

On Wed, Aug 31, 2022 at 10:20:42PM +0200, Lukas Tribus wrote:
> Hello,
>
> > wolfSSL has also chosen to use the same API for QUIC:
> > https://www.wolfssl.com/wolfssl-quic-support/
>
> > The wolfSSL QUIC API is aligned with the corresponding APIs in other *SSL
> > libraries, making integration with QUIC protocol stacks easier and
> > protecting investments. This is a departure from past customs where OpenSSL
> > used to drive the design of APIs. However OpenSSL declined to participate
> > and offers no QUIC support for the foreseeable future.
> >
> This is probably less useful for haproxy specifically, given that we
> don't support wolfssl in the first place, but interesting nonetheless.

Definitely, and we're currently having a look at all of this. GnuTLS also
supports QUIC using the same API (at least that's my understanding), so in
the end, OpenSSL will be the *only* mainstream SSL library that continues
to reject it. That obstination to not listen to their users tells a lot
about that project's governance and its life expectancy, and if you factor
in the massive performance regression that plagues distros that ship with
3.0 such as Ubuntu 22, that basically limits its use cases to command-line
certificate generation and maybe SMTP/IMAP daemons, but the future of the
web will clearly be without OpenSSL now. It's their decision, it's really
sad and it negatively impacts all of the web infrastructure ecosystem, but
it's their project. Many of us implored them to open their ears but there's
not much more that can be done at this point, they've started to plant the
nails in the coffin. We'll need to move on.

Willy

