envoy-openssl icon indicating copy to clipboard operation
envoy-openssl copied to clipboard
verified publisher icon envoyproxy

QUIC UDP & http3 review

Open cfilleke opened this issue 3 years ago • 2 comments

Which verison of OpenSSL will have QUIC support?

https://youtu.be/cdb7M37o9sU

cfilleke avatar Aug 22 '22 14:08 cfilleke

@mattklein123 please add Ruslan Mstoi github.com/rmstoi to envoyproxy org & opensssl-dev team so we can assign this to him. thanks!

cfilleke avatar Aug 22 '22 14:08 cfilleke

Envoy relies on BoringSSL to support QUIC/HTTP3

OpenSSL requires an Akamai patch to support. This currently breaks the integrity for FIPS.

  1. Identify OpenSSL 3.x support plans for QUIC
  2. Identify use of BoringSSL calls to support QUIC functionality in Envoy
  3. Identify implementation issues with OpenSSL
  • https://www.openssl.org/blog/blog/2020/02/17/QUIC-and-OpenSSL/
  • https://www.openssl.org/blog/blog/2021/12/03/starting-the-quic-design/
  • https://daniel.haxx.se/blog/2021/10/25/the-quic-api-openssl-will-not-provide/
  • https://github.com/openssl/openssl/issues/8174
  • https://community.centminmod.com/threads/http-3-quic-support-not-landing-in-openssl-until-3-1.19132/

twghu avatar Aug 22 '22 14:08 twghu