On 12/16/22 00:01, Willy Tarreau wrote:
- if you want to use QUIC, use quictls-1.1.1. Once you have to build
something yourself, you definitely don't want to waste your time on
the performance-crippled 3.0, and 1.1.1 will change less often than
3.0 so that also means fewer package updates.
- if you want to experiment with QUIC and help developers, running
compatibility tests with the latest haproxy master and the latest
WolfSSL master could be useful. I just don't know if the maintainers
are ready to receive lots of uncoordinated reports yet, I'm aware
that they're still in the process of fixing a few basic integration
issues that will make things run much smoother soon. Similarly,
LibreSSL's QUIC support is very recent (3.6) and few people seem to
use LibreSSL, I don't know how well it's supported in distros these
days. More tests on this one would probably be nice and may possibly
encourage its support.

I'd say that I am somewhere in between these two. Helping the devs is
not an EXPLICIT goal, but I am already tinkering with this stuff for
myself, so it's not a lot of extra effort to be involved here. I think
my setup can provide a little bit of useful data and another test
environment. Pursuing http3 has been fun.

Straying off-topic:
I find that being a useful member of open source communities is an
awesome experience. For this one I'm not as much use at the code level
as I am for other communities. My experience with C was a long time ago
... it was one of my first languages. I spend more time with Bash and
Java than anything else these days. Occasionally delve into Perl, which
I really like.

On the subject of building things myself ... way back in the 90s I used
to build all my own Linux kernels, enabling only what I needed, building
it into the kernel directly, and optimizing for the specific CPU in the
machine. And I tended to build most of the software I used from source
as well.

These days, some distros have figured out how to do all these things
better than I ever could, so I mostly install from apt repos. For
really mainstream software, they keep up with recent versions pretty well.

For some software, haproxy being one of the most prominent, the distro
packages are so far behind what's current that I pretty much have to
build it myself if I want useful features. I got started using haproxy
with version 1.4, and quickly went to 1.5-dev because I was pursuing the
best TLS setup I could get. In those days I wasn't using source
repositories, I would download tarballs from 1wt.eu.

Thanks,
Shawn