Point users at the actual guide, and also explain about LD_LIBRARY_PATH Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22505)
3.7 KiB
Using OpenSSL with QUIC
From OpenSSL 3.2, OpenSSL features support for making QUIC connections as a client.
Users interested in using the new QUIC functionality are encouraged to look at some of the following resources:
- The new OpenSSL Guide, which provides introductory guides on the use of TLS, QUIC, and other OpenSSL functionality.
- The OpenSSL Guide incorporates various code samples. The complete source
for these can be found in the source tree under
demos/guide
. - The openssl-quic(7) manual page, which provides a basic reference overview of QUIC functionality and how use of QUIC differs from use of TLS with regard to our API.
- The Demo-Driven Design (DDD) demos, which demonstrate the use of QUIC
using simple examples. These can be found in the source tree under
doc/designs/ddd
. - The demo found in
demos/http3
, which provides an HTTP/3 client example using the nghttp3 HTTP/3 library.
FAQ
Why would I want to use QUIC, and what functionality does QUIC offer relative to TLS or DTLS?
QUIC is a state-of-the-art secure transport protocol carried over UDP. It can serve many of the use cases of SSL/TLS as well as those of DTLS.
QUIC delivers a number of advantages such as support for multiple streams of communication; it is the basis for HTTP/3 RFC 9114; fast connection initiation; and connection migration (enabling a connection to survive IP address changes). For a more complete description of what QUIC is and its advantages see the QUIC Introduction in the OpenSSL Guide.
For a comprehensive overview of OpenSSL's QUIC implementation, see the openssl-quic(7) manual page.
How can I use HTTP/3 with OpenSSL?
There are many HTTP/3 implementations in C available. The use of one such HTTP/3
library with OpenSSL QUIC is demonstrated via the demo found in demos/http3
.
How can I use OpenSSL QUIC in my own application for a different protocol?
The OpenSSL Guide provides introductory examples for how to make use of OpenSSL QUIC.
The openssl-quic(7) manual page and the Demo-Driven Design (DDD) demos may also be helpful to illustrate the changes needed if you are trying to adapt an existing application.
How can I test QUIC using openssl s_client
?
There is basic support for single-stream QUIC using openssl s_client
:
$ openssl s_client -quic -alpn myalpn -connect host:port
In the above example replace host
with the hostname of the server (e.g.
www.example.com
) and port
with the port for the server (e.g. 443
). Replace
myalpn
with the Application Layer Protocol to use (e.g.h3
represents
HTTP/3). IANA maintains a standard list of ALPN ids that can be used.
This example connects to a QUIC server and opens a single bidirectional stream. Data can be passed via stdin/stdout as usual. This allows test usage of QUIC using simple TCP/TLS-like usage. Note that OpenSSL has no direct support for HTTP/3 so connecting to an HTTP/3 server should be possible but sending an HTTP/3 request or receiving any response data is not.