ingress-nginx
ingress-nginx copied to clipboard
A document is needed to explain that the current support for HTTP3 is not complete.
@tao12345666333 Hi, according to the nginx documentation, there is no need to change OpenSSL 1.1.1 to BoringSSL:
https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
The directive is supported when using OpenSSL 1.1.1 or higher (1.15.4) and BoringSSL.
UPD: I was probably not quite right, because yes, openssl supports quic, but it is incomplete support, and there are problems with some functionality(early data) and performance. But the good news is that openssl said in its roadmap that version 3.4 will have server-side support: https://www.openssl.org/roadmap.html
Also there are problems with client side: https://github.com/openssl/openssl/discussions/23339
Originally posted by @ipaqsa in https://github.com/kubernetes/ingress-nginx/issues/11172#issuecomment-2165196556