quic-go / quic-go

A QUIC implementation in pure Go
https://quic-go.net
MIT License

incompatibility with Cloudflare's Quiche implementation #3469

Closed adewes closed 1 year ago

adewes commented 2 years ago

Currently not all QUIC client implementations support key updates (e.g. Quiche is still missing them), which leads to connection issues after receiving a number of packets on a given QUIC connection (100.000 in the case of a quic-go server). For compatibility's sake it would be beneficial if one could change the key update interval or disable key updates altogether, as they are an optional feature in my understanding.

Could we make this configurable? Currently the KeyUpdateInterval variable sits in an internal package so it cannot be modified by client code.

marten-seemann commented 2 years ago

I understand your frustration, but would like to point out that key updates are NOT an optional feature. They're part of the core specification of RFC 9000, and any implementation not supporting key updates is not in compliance with the RFC. This is a bug in quiche and not in quic-go, and it should be fixed there.

If you ask me, it's not a wise idea to deploy an incomplete QUIC implementation on the public internet, especially at that kind of scale. Effectively, they're preventing all other implementations from exercising (non-optional!) features of the protocol.

I really don't want to add a configuration option in the quic.Config, given that the only use case for this is to work around deficiencies in quiche. I could probably be convinced to add a CLOUDFLARE_COMPATIBILITY_MODE environment variable that increases the KeyUpdateInterval though.

adewes commented 2 years ago

Thanks for the quick reply @marten-seemann, I understand that. I already opened a GH issue in the Quiche repository and hope they will fix it soon. In the worst case we'll have to patch quic-go to increase the key update interval, though I hope CF will soon fix that.

marten-seemann commented 1 year ago

Quick update: quiche just added support for key updates: https://github.com/cloudflare/quiche/pull/1456.

marten-seemann commented 1 year ago

Closing since this has been resolved by Cloudflare. Hopefully they'll deploy this soon to their edge.
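
The failure mode discussed in this thread, as an added example that is not code from quic-go, quiche, or any participant: a sender rotates its packet protection keys after a fixed number of packets using the RFC 9001 "quic ku" derivation, and a receiver that ignores the Key Phase bit stops decrypting at exactly that packet. Assumptions: the names `expandLabel`, `keys` and `firstFailure` are hypothetical, the secret is constructed, and the QUIC header is reduced to one byte holding the key phase (no header protection).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// expandLabel: TLS 1.3 HKDF-Expand-Label, empty context, one HMAC block (n <= 32).
func expandLabel(secret []byte, label string, n int) []byte {
	info := append([]byte{byte(n >> 8), byte(n), byte(6 + len(label))}, "tls13 "+label...)
	m := hmac.New(sha256.New, secret)
	m.Write(append(info, 0, 1)) // context length 0, then HKDF block counter 1
	return m.Sum(nil)[:n]
}

type keys struct {
	secret, iv []byte
	aead       cipher.AEAD
}

func newKeys(secret []byte) keys {
	block, _ := aes.NewCipher(expandLabel(secret, "quic key", 16))
	aead, _ := cipher.NewGCM(block)
	return keys{secret, expandLabel(secret, "quic iv", 12), aead}
}

// next derives the following key generation with the "quic ku" label (RFC 9001, section 6.1).
func (k keys) next() keys { return newKeys(expandLabel(k.secret, "quic ku", 32)) }

func (k keys) nonce(pn int) []byte {
	n := append([]byte(nil), k.iv...)
	for i := 0; i < 8; i++ { n[11-i] ^= byte(uint64(pn) >> (8 * i)) }
	return n
}

// firstFailure returns the first packet number the receiver cannot open, or -1.
func firstFailure(interval, total int, receiverUpdates bool) int {
	tx, phase := newKeys([]byte("constructed demo secret")), byte(0)
	rx, rxPhase := tx, phase
	for pn := 0; pn < total; pn++ {
		if pn > 0 && pn%interval == 0 { tx, phase = tx.next(), phase^1 } // sender initiates update
		pkt := tx.aead.Seal(nil, tx.nonce(pn), []byte("data"), []byte{phase})
		cur := rx
		if phase != rxPhase && receiverUpdates { cur = rx.next() } // Key Phase bit flipped
		if _, err := cur.aead.Open(nil, cur.nonce(pn), pkt, []byte{phase}); err != nil { return pn }
		rx, rxPhase = cur, phase
	}
	return -1
}
func main() { fmt.Println(firstFailure(5, 20, true), firstFailure(5, 20, false)) }
```
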