webserver-llc / angie

Angie - drop-in replacement for Nginx
https://en.angie.software
BSD 2-Clause "Simplified" License

Question in 1.3 babassl compiles possible? #45

Open osevan opened 1 year ago

osevan commented 1 year ago

I read this:

"Support for NTLS in the HTTP and stream modules when using the TongSuo TLS library; the support can be enabled via the --with-ntls build time option and configured with the corresponding ssl_ntls and proxy_ssl_ntls directives."

Which compile flag enables babassl?

And can we use babassl with quic too?

Thanks and

Best regards

VBart commented 1 year ago

Thanks for your interest.

Please check the ssl_ntls documentation: https://angie.software/en/http_ssl/#ssl-ntls

It has the compilation flags example:

./configure --with-openssl=../Tongsuo-8.3.0 \
            --with-openssl-opt=enable-ntls  \
            --with-ntls

where ../Tongsuo-8.3.0 is the path to the Tongsuo/BabaSSL sources directory.

> And can we use babassl with quic too?

Yes.

osevan commented 1 year ago

Wow, thanks for the fast answer.

Any benefits in handshake completion compared to the OpenSSL QUIC version from Google?

VBart commented 1 year ago

OpenSSL doesn't support QUIC natively. Support for OpenSSL is implemented using a special compatibility wrapper, and as a result QUIC connection migration isn't supported with OpenSSL.

AFAIK, the Tongsuo implementation is based on the BoringSSL API, so it should support all the QUIC features natively, including connection migration.

osevan commented 1 year ago

But any benefits?

Faster connection time?

VBart commented 1 year ago

I believe there are no benefits in connection time over BoringSSL. But it's better to address this question to the TongSuo authors.