|
@@ -12,6 +12,22 @@ QUIC, on the other hand, is always protected by TLS. A QUIC implementation does
|
|
|
implementation of the TLS protocol, specifically TLSv1.3. It does this in new ways and TLS
|
|
|
implementations need to accommodate these. Those specifics have been added to wolfSSL.
|
|
|
|
|
|
+## wolfSSL Configuration
|
|
|
+
|
|
|
+QUIC support is enabled in the common autoconf style via:
|
|
|
+
|
|
|
+```
|
|
|
+> ./configure --enable-quic
|
|
|
+```
|
|
|
+
|
|
|
+this drags in some very basic features. To have everything necessary for a QUIC protocol implementation like ngtcp2, one would do:
|
|
|
+
|
|
|
+```
|
|
|
+ ./configure --enable-quic --enable-session-ticket --enable-earlydata --enable-psk
|
|
|
+```
|
|
|
+
|
|
|
+**Note**: for now, quic is not enabled via `--enable-all` and always needs to be specified.
|
|
|
+
|
|
|
## ngtcp2
|
|
|
|
|
|
One of the recommended QUIC implementations is [ngtpc2](https://github.com/ngtcp2/ngtcp2). It now
|
|
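Review bot: The second `./configure` line in the added `## wolfSSL Configuration` section presents `--enable-session-ticket --enable-earlydata --enable-psk` as "everything necessary" without saying what each flag is needed for. `--enable-earlydata` turns on TLSv1.3 0-RTT, whose data can be replayed, so a sentence stating which flag serves which QUIC feature (and that early data is optional for builds that do not want 0-RTT) would help readers choose a minimal build. Two smaller points in the same section: the first command keeps a `> ` prompt prefix while the second has only a leading space, so pick one form so both lines copy cleanly; and the section now mentions "a QUIC protocol implementation like ngtcp2" before the `## ngtcp2` heading introduces it. The trailing context line also spells the link text `ngtpc2` while the URL says `ngtcp2`, which could be fixed while this part of the file is being touched.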
@@ -43,24 +59,6 @@ The separation of QUIC's "crypto" parts from its other protocol enabling functio
|
|
|
|
|
|
Therefore, the complete TLSv1.3 handshake became part of the QUIC protocol, with some restrictions and simplifications (UDP based QUIC does not accommodate broken TCP middle boxes). With the need for a complete TLSv1.3 stack, QUIC implementors happily make use of existing TLS libraries.
|
|
|
|
|
|
-
|
|
|
-
|
|
|
-## wolfSSL Configuration
|
|
|
-
|
|
|
-QUIC support is enabled in the common autoconf style via:
|
|
|
-
|
|
|
-```
|
|
|
-> ./configure --enable-quic
|
|
|
-```
|
|
|
-
|
|
|
-this drags in some very basic features. To have everything necessary for a QUIC protocol implementation like ngtcp2, one would do:
|
|
|
-
|
|
|
-```
|
|
|
- ./configure --enable-quic --enable-session-ticket --enable-earlydata --enable-psk
|
|
|
-```
|
|
|
-
|
|
|
-**Note**: for now, quic is not enabled via `--enable-all` and always needs to be specified.
|
|
|
-
|
|
|
## wolfSSL API
|
|
|
|
|
|
The exposed API carries all methods that the [quictls/openssl](https://github.com/quictls/openssl) introduces. This seems to become the standard, since other *SLL libraries have picked those up or are about to. The methods are all in the `wolfSSL_` prefix. There are some additional methods, which are covered below.
|
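Review bot: The removed block matches the lines added in the first hunk apart from the two leading blank lines, so this is a pure move. Because the text was relocated verbatim, the lowercase sentence start ("this drags in ...") and the lowercase "quic" in the Note carried over unchanged and could be tidied in the same commit. In the trailing context under `## wolfSSL API`, "other *SLL libraries" looks like a typo for "*SSL", and "The methods are all in the `wolfSSL_` prefix" would read more clearly as "all carry the `wolfSSL_` prefix".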