On Fri, Dec 16, 2022 at 07:29:23AM +0100, Vincent Bernat wrote:
> On 2022-12-16 05:49, Willy Tarreau wrote:
> > There's currently a great momentum around WolfSSL that was already
> > adopted by Apache, Curl, and Ngtcp2 (which is the QUIC stack that
> > powers most HTTP/3-compatible agents). Its support on haproxy is
> > making fast progress thanks to the efforts on the two sides, and it's
> > pleasant to speak to people who care about performance. I'd bet we'll
> > find it packaged in a usable state long before OpenSSL finally changes
> > their mind on QUIC and reaches distros in a usable state. That's a
> > perfect (though sad) example of the impact of design by committee!
>
> It's currently packaged in Debian and Ubuntu. For Ubuntu, it is currently in
> universe (no security support). For Debian, there are discussions to not
> ship it in the next release due to security concerns, but this is worked on.

That's great! I noticed that the lib comes with many build options, and I guess that one difficult aspect will be to figure which ones to enable in the packaged version. I guess that the various projects supporting it will help them figure a reasonable set of default settings that suits everyone (at least all packaged projects). This could constitute a potential solution to have both QUIC support and performance back in future distros.

> I'll ask again later when its support is finished in HAProxy if we can
> switch to it for Debian/Ubuntu packages.

Great, thank you for your help! Most users don't realize how much the success of certain protocol improvements depends on just a bunch of people's willingness to improve the situation for end users ;-)

> Next Debian will be using OpenSSL 3.0.0. Ubuntu is using OpenSSL 3.0.0 since
> Jammy.

Good to know for Debian, thanks!

Willy