wolfSSL continues to follow recent development of the protocols driving today’s Internet. QUIC, by some regarded as the successor to TCP, is gaining momentum and is used in production by Google, Fastly, Cloudflare and others when you browse the net.
QUIC is built on top of TLSv1.3 – in a novel way – and now you may use wolfSSL inside your QUIC protocol stack to deliver HTTP/3. The wolfSSL team has contributed integrations to ngtcp2, the popular QUIC implementation. cURL will give you HTTP/3 with wolfSSL on the command line and in your libcurl integration soon.
HTTP/3 is only one (but dominant) use of QUIC. DNS queries are coming, adding the new triple ‘DoQ’ to the list of ‘Do*’ acronyms for name resolution protocols. And other QUIC applications are under active development in the IETF.
The wolfSSL QUIC API is aligned with the corresponding APIs in other *SSL libraries, making integration with QUIC protocol stacks easier and protecting investments. This is a departure from past customs where OpenSSL used to drive the design of APIs. However OpenSSL declined to participate and offers no QUIC support for the foreseeable future.
The need for a new API arises from the improved security design of the QUIC protocol. QUIC protects not only application data, but also its own protocol information with strong encryption. Its packets are more opaque to middleboxes.
This means that en-/decryption needs to happen ‘outside’ of what a TLS library commonly handles. However, the designers of QUIC were well aware of the worth of TLSv1.3 in its design
This resulted in a protocol that makes full use of TLSv1.3 handshake negotiation, ciphers and sessions, but takes over the actual en-/decryption itself. Using secrets and keys from the TLS handshake. These are the facilities that the QUIC API adds.
wolfSSL + QUIC == wolfSSL
Building wolfSSL with QUIC support will give you wolfSSL. All features work as before. In addition you may enable QUIC on a WOLFSSL instance or context. And have a mix of (D)TLS and QUIC sessions in the same application.
For more details about the release of information in general contact firstname.lastname@example.org.