uNetworking / uWebSockets.js

μWebSockets for Node.js back-ends :metal:
Apache License 2.0

Using node's `openSSL`? #877

Closed tegefaulkes closed 1 year ago

tegefaulkes commented 1 year ago

Looking into uSockets I can see that it is using BoringSSL. Is it possible for it to dynamically use node's OpenSSL to avoid having multiple SSL libraries within our application? If not, is there a plan to support this?

I ask because having multiple SSL libraries in our app increases the security surface area of our app. Ideally we want to minimise this.

uNetworkingAB commented 1 year ago

We use BoringSSL and have no reason to swap back to relying on Node.js OpenSSL. Shipping BoringSSL is faster and more reliable as we aren't relying on ABI, which more often than not is entirely broken in Node.js.

CMCDragonkai commented 1 year ago

If the same app has another addon that also uses BoringSSL, is there a way to recompile uSockets to dynamically link BoringSSL?

uNetworkingAB commented 1 year ago

You have the code so feel free to try anything you want, but none of this aligns with the goals of uWS.js, or interests me. Statically linking BoringSSL and shipping the whole binary is how we've been able to ship reliable compatibility everywhere. Node.js is a total mess in terms of ABI and doesn't follow its own ABI rules reliably, esp. not when it comes to SSL. Many, many Linux distros entirely disregard ABI rules in favor of linking with their OpenSSL version, entirely breaking binary compatibility in highly deceiving ways. All of those problems go away by shipping BoringSSL statically linked, and it improves performance by 18%.