On 2022-12-16 05:49, Willy Tarreau wrote:
There's currently a great momentum around WolfSSL that was already adopted by Apache, Curl, and Ngtcp2 (which is the QUIC stack that powers most HTTP/3-compatible agents). Its support on haproxy is making fast progress thanks to the efforts on the two sides, and it's pleasant to speak to people who care about performance. I'd bet we'll find it packaged in a usable state long before OpenSSL finally changes their mind on QUIC and reaches distros in a usable state. That's a perfect (though sad) example of the impact of design by committee!
It's currently packaged in Debian and Ubuntu. For Ubuntu, it is currently in universe (no security support). For Debian, there are discussions to not ship it in the next release due to security concerns, but this is worked on.
I'll ask again later when its support is finished in HAProxy if we can switch to it for Debian/Ubuntu packages.
Next Debian will be using OpenSSL 3.0.0. Ubuntu is using OpenSSL 3.0.0 since Jammy.
